Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ssa-613116
Vulnerability from csaf_siemens
Published
2025-08-12 00:00
Modified
2025-08-12 00:00
Summary
SSA-613116: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1
Notes
Summary
SINEC OS before V3.1 contains third-party components with multiple vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SINEC OS before V3.1 contains third-party components with multiple vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-613116: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"category": "self",
"summary": "SSA-613116: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-613116.json"
}
],
"title": "SSA-613116: Multiple Vulnerabilities in Third-Party Components in SINEC OS before V3.1",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-613116",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.1",
"product": {
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK6242-6PA00"
]
}
}
}
],
"category": "product_name",
"name": "RUGGEDCOM RST2428P (6GK6242-6PA00)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.1",
"product": {
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c3.1",
"product": {
"name": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-44879",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2021-44879"
},
{
"cve": "CVE-2022-48935",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: unregister flowtable hooks on netns exit",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2022-48935"
},
{
"cve": "CVE-2023-3567",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-3567"
},
{
"cve": "CVE-2023-5178",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-5178"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"category": "summary",
"text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5717",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2023-6040",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-6040"
},
{
"cve": "CVE-2023-6121",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-6121"
},
{
"cve": "CVE-2023-6606",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-6606"
},
{
"cve": "CVE-2023-6931",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-6931"
},
{
"cve": "CVE-2023-6932",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-6932"
},
{
"cve": "CVE-2023-35827",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-35827"
},
{
"cve": "CVE-2023-39198",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-39198"
},
{
"cve": "CVE-2023-45863",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-45863"
},
{
"cve": "CVE-2023-46343",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-46343"
},
{
"cve": "CVE-2023-51779",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-51779"
},
{
"cve": "CVE-2023-51780",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-51780"
},
{
"cve": "CVE-2023-51781",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-51781"
},
{
"cve": "CVE-2023-51782",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-51782"
},
{
"cve": "CVE-2023-52340",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52340"
},
{
"cve": "CVE-2023-52433",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nft_set_rbtree: skip sync GC for new elements in this transaction",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52433"
},
{
"cve": "CVE-2023-52435",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: prevent mss overflow in skb_segment()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52435"
},
{
"cve": "CVE-2023-52475",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nInput: powermate - fix use-after-free in powermate_config_complete",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52475"
},
{
"cve": "CVE-2023-52477",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: hub: Guard against accesses to uninitialized BOS descriptors",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52477"
},
{
"cve": "CVE-2023-52478",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nHID: logitech-hidpp: Fix kernel crash on receiver USB disconnect",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52478"
},
{
"cve": "CVE-2023-52486",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm: Don\u0027t unref the same fb many times by mistake due to deadlock handling",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52486"
},
{
"cve": "CVE-2023-52502",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52502"
},
{
"cve": "CVE-2023-52504",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nx86/alternatives: Disable KASAN in apply_alternatives()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52504"
},
{
"cve": "CVE-2023-52507",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfc: nci: assert requested protocol is valid",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52507"
},
{
"cve": "CVE-2023-52509",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nravb: Fix use-after-free issue in ravb_tx_timeout_work()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52509"
},
{
"cve": "CVE-2023-52510",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nieee802154: ca8210: Fix a potential UAF in ca8210_probe",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52510"
},
{
"cve": "CVE-2023-52581",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: fix memleak when more than 255 elements expired",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52581"
},
{
"cve": "CVE-2023-52583",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nceph: fix deadlock or deadcode of misusing dget()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52583"
},
{
"cve": "CVE-2023-52587",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nIB/ipoib: Fix mcast list locking",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52587"
},
{
"cve": "CVE-2023-52594",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52594"
},
{
"cve": "CVE-2023-52595",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: rt2x00: restart beacon queue when hardware reset",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52595"
},
{
"cve": "CVE-2023-52597",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: s390: fix setting of fpc register",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52597"
},
{
"cve": "CVE-2023-52598",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ns390/ptrace: handle setting of fpc register correctly",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52598"
},
{
"cve": "CVE-2023-52599",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in diNewExt",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52599"
},
{
"cve": "CVE-2023-52600",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix uaf in jfs_evict_inode",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52600"
},
{
"cve": "CVE-2023-52601",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in dbAdjTree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52601"
},
{
"cve": "CVE-2023-52602",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix slab-out-of-bounds Read in dtSearch",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52602"
},
{
"cve": "CVE-2023-52603",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nUBSAN: array-index-out-of-bounds in dtSplitRoot",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52603"
},
{
"cve": "CVE-2023-52604",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52604"
},
{
"cve": "CVE-2023-52606",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\npowerpc/lib: Validate size for vector operations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52606"
},
{
"cve": "CVE-2023-52607",
"cwe": {
"id": "CWE-395",
"name": "Use of NullPointerException Catch to Detect NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52607"
},
{
"cve": "CVE-2023-52615",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52615"
},
{
"cve": "CVE-2023-52617",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52617"
},
{
"cve": "CVE-2023-52619",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\npstore/ram: Fix crash when setting number of cpus to an odd number",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52619"
},
{
"cve": "CVE-2023-52622",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52622"
},
{
"cve": "CVE-2023-52623",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nSUNRPC: Fix a suspicious RCU usage warning",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52623"
},
{
"cve": "CVE-2023-52637",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52637"
},
{
"cve": "CVE-2023-52654",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nio_uring/af_unix: disable sending io_uring over sockets",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52654"
},
{
"cve": "CVE-2023-52655",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: aqc111: check packet for fixup for true limit",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52655"
},
{
"cve": "CVE-2023-52670",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nrpmsg: virtio: Free driver_override when rpmsg_remove()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52670"
},
{
"cve": "CVE-2023-52753",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd/display: Avoid NULL dereference of timing generator",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52753"
},
{
"cve": "CVE-2023-52764",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52764"
},
{
"cve": "CVE-2023-52774",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ns390/dasd: protect device queue against concurrent access",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52774"
},
{
"cve": "CVE-2023-52784",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbonding: stop the device in bond_setup_by_slave()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52784"
},
{
"cve": "CVE-2023-52789",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntty: vcc: Add check for kstrdup() in vcc_probe()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52789"
},
{
"cve": "CVE-2023-52791",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni2c: core: Run atomic i2c xfer when !preemptible",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52791"
},
{
"cve": "CVE-2023-52796",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipvlan: add ipvlan_route_v6_outbound() helper",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52796"
},
{
"cve": "CVE-2023-52799",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in dbFindLeaf",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52799"
},
{
"cve": "CVE-2023-52804",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/jfs: Add validity check for db_maxag and db_agpref",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52804"
},
{
"cve": "CVE-2023-52805",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\njfs: fix array-index-out-of-bounds in diAlloc",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52805"
},
{
"cve": "CVE-2023-52806",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nALSA: hda: Fix possible null-ptr-deref when assigning a stream",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52806"
},
{
"cve": "CVE-2023-52809",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52809"
},
{
"cve": "CVE-2023-52810",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/jfs: Add check for negative db_l2nbperpage",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52810"
},
{
"cve": "CVE-2023-52813",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncrypto: pcrypt - Fix hungtask for PADATA_RESET",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52813"
},
{
"cve": "CVE-2023-52817",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52817"
},
{
"cve": "CVE-2023-52818",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52818"
},
{
"cve": "CVE-2023-52819",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52819"
},
{
"cve": "CVE-2023-52832",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: don\u0027t return unset power in ieee80211_get_tx_power()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52832"
},
{
"cve": "CVE-2023-52835",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nperf/core: Bail out early if the request AUX area is out of bound",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52835"
},
{
"cve": "CVE-2023-52836",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nlocking/ww_mutex/test: Fix potential workqueue corruption",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52836"
},
{
"cve": "CVE-2023-52838",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: imsttfb: fix a resource leak in probe",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52838"
},
{
"cve": "CVE-2023-52840",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nInput: synaptics-rmi4 - fix use after free in rmi_unregister_function()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52840"
},
{
"cve": "CVE-2023-52843",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: verify mac len before reading mac header",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52843"
},
{
"cve": "CVE-2023-52845",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52845"
},
{
"cve": "CVE-2023-52847",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmedia: bttv: fix use after free error due to btv-\u003etimeout timer",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52847"
},
{
"cve": "CVE-2023-52853",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhid: cp2112: Fix duplicate workqueue initialization",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52853"
},
{
"cve": "CVE-2023-52855",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: dwc2: fix possible NULL pointer dereference caused by driver concurrency",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52855"
},
{
"cve": "CVE-2023-52858",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52858"
},
{
"cve": "CVE-2023-52864",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nplatform/x86: wmi: Fix opening of char device",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52864"
},
{
"cve": "CVE-2023-52865",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52865"
},
{
"cve": "CVE-2023-52867",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndrm/radeon: possible buffer overflow",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52867"
},
{
"cve": "CVE-2023-52868",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nthermal: core: prevent potential string overflow",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52868"
},
{
"cve": "CVE-2023-52871",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsoc: qcom: llcc: Handle a second device without data corruption",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52871"
},
{
"cve": "CVE-2023-52873",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52873"
},
{
"cve": "CVE-2023-52875",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52875"
},
{
"cve": "CVE-2023-52876",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nclk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52876"
},
{
"cve": "CVE-2023-52879",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntracing: Have trace_event_file have ref counters",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52879"
},
{
"cve": "CVE-2023-52881",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntcp: do not accept ACK of bytes we never sent",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52881"
},
{
"cve": "CVE-2023-52919",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2023-52919"
},
{
"cve": "CVE-2024-0193",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-0193"
},
{
"cve": "CVE-2024-0584",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-0584"
},
{
"cve": "CVE-2024-0646",
"cwe": {
"id": "CWE-1314",
"name": "Missing Write Protection for Parametric Data Values"
},
"notes": [
{
"category": "summary",
"text": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-0646"
},
{
"cve": "CVE-2024-0841",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-0841"
},
{
"cve": "CVE-2024-1086",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-1086"
},
{
"cve": "CVE-2024-26581",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nft_set_rbtree: skip end interval element from gc",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26581"
},
{
"cve": "CVE-2024-26593",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ni2c: i801: Fix block process call transactions",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26593"
},
{
"cve": "CVE-2024-26598",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26598"
},
{
"cve": "CVE-2024-26600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26600"
},
{
"cve": "CVE-2024-26602",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nsched/membarrier: reduce the ability to hammer on sys_membarrier",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26602"
},
{
"cve": "CVE-2024-26606",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbinder: signal epoll threads of self-work",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26606"
},
{
"cve": "CVE-2024-26615",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26615"
},
{
"cve": "CVE-2024-26625",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: call sock_orphan() at release time",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26625"
},
{
"cve": "CVE-2024-26635",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: Drop support for ETH_P_TR_802_2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26635"
},
{
"cve": "CVE-2024-26636",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nllc: make llc_ui_sendmsg() more robust against bonding changes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26636"
},
{
"cve": "CVE-2024-26645",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26645"
},
{
"cve": "CVE-2024-26663",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26663"
},
{
"cve": "CVE-2024-26664",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nhwmon: (coretemp) Fix out-of-bounds memory access",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26664"
},
{
"cve": "CVE-2024-26671",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26671"
},
{
"cve": "CVE-2024-26673",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26673"
},
{
"cve": "CVE-2024-26675",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nppp_async: limit MRU to 64K",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26675"
},
{
"cve": "CVE-2024-26679",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ninet: read sk-\u003esk_family once in inet_recv_error()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26679"
},
{
"cve": "CVE-2024-26684",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26684"
},
{
"cve": "CVE-2024-26685",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix potential bug in end_buffer_async_write",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26685"
},
{
"cve": "CVE-2024-26688",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26688"
},
{
"cve": "CVE-2024-26696",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26696"
},
{
"cve": "CVE-2024-26697",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnilfs2: fix data corruption in dsync block recovery for small block sizes",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26697"
},
{
"cve": "CVE-2024-26702",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26702"
},
{
"cve": "CVE-2024-26704",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: fix double-free of blocks due to wrong extents moved_len",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26704"
},
{
"cve": "CVE-2024-26720",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26720"
},
{
"cve": "CVE-2024-26722",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26722"
},
{
"cve": "CVE-2024-26735",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: sr: fix possible use-after-free and null-ptr-deref",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26736",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nafs: Increase buffer size in afs_update_volume_status()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26736"
},
{
"cve": "CVE-2024-26748",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: cdns3: fix memory double free when handle zero packet",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26748"
},
{
"cve": "CVE-2024-26749",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26749"
},
{
"cve": "CVE-2024-26751",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nARM: ep93xx: Add terminator to gpiod_lookup_table",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26751"
},
{
"cve": "CVE-2024-26752",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nl2tp: pass correct message length to ip6_append_data",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26752"
},
{
"cve": "CVE-2024-26754",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26754"
},
{
"cve": "CVE-2024-26763",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndm-crypt: don\u0027t modify the data when using authenticated encryption",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26763"
},
{
"cve": "CVE-2024-26764",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26764"
},
{
"cve": "CVE-2024-26766",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26766"
},
{
"cve": "CVE-2024-26772",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\r\n\r\nPlaces the logic for checking if the group\u0027s block bitmap is corrupt under\r\nthe protection of the group lock to avoid allocating blocks from the group\r\nwith a corrupted block bitmap.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26772"
},
{
"cve": "CVE-2024-26773",
"cwe": {
"id": "CWE-413",
"name": "Improper Resource Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found().",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26773"
},
{
"cve": "CVE-2024-26777",
"cwe": {
"id": "CWE-369",
"name": "Divide By Zero"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: sis: Error out if pixclock equals zero",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26777"
},
{
"cve": "CVE-2024-26778",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nfbdev: savage: Error out if pixclock equals zero",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26778"
},
{
"cve": "CVE-2024-26779",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: mac80211: fix race condition on enabling fast-xmit",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26779"
},
{
"cve": "CVE-2024-26788",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: fsl-qdma: init irq after reg initialization",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26788"
},
{
"cve": "CVE-2024-26790",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26790"
},
{
"cve": "CVE-2024-26791",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nbtrfs: dev-replace: properly validate device names",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26791"
},
{
"cve": "CVE-2024-26793",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ngtp: fix use-after-free and null-ptr-deref in gtp_newlink()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26793"
},
{
"cve": "CVE-2024-26801",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: Avoid potential use-after-free in hci_error_reset",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26801"
},
{
"cve": "CVE-2024-26804",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet: ip_tunnel: prevent perpetual headroom growth",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26804"
},
{
"cve": "CVE-2024-26805",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in skb_datagram_iter.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26805"
},
{
"cve": "CVE-2024-26825",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26825"
},
{
"cve": "CVE-2024-26835",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: nf_tables: set dormant flag on hook register failure",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26835"
},
{
"cve": "CVE-2024-26839",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nIB/hfi1: Fix a memleak in init_credit_return",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26839"
},
{
"cve": "CVE-2024-26840",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ncachefiles: fix memory leak in cachefiles_add_cache()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26840"
},
{
"cve": "CVE-2024-26845",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nscsi: target: core: Add TMF to tmr_list handling",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26845"
},
{
"cve": "CVE-2024-26910",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnetfilter: ipset: fix performance regression in swap operation",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-26910"
},
{
"cve": "CVE-2024-27405",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nusb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27405"
},
{
"cve": "CVE-2024-27410",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nwifi: nl80211: reject iftype change with mesh ID change",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27410"
},
{
"cve": "CVE-2024-27412",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\npower: supply: bq27xxx-i2c: Do not free non existing IRQ",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27412"
},
{
"cve": "CVE-2024-27413",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nefi/capsule-loader: fix incorrect allocation size",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27413"
},
{
"cve": "CVE-2024-27414",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27414"
},
{
"cve": "CVE-2024-27416",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27416"
},
{
"cve": "CVE-2024-27417",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-27417"
},
{
"cve": "CVE-2024-35833",
"cwe": {
"id": "CWE-311",
"name": "Missing Encryption of Sensitive Data"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\ndmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-35833"
},
{
"cve": "CVE-2024-35835",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nnet/mlx5e: fix a double-free in arfs_create_groups",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-35835"
},
{
"cve": "CVE-2024-39476",
"cwe": {
"id": "CWE-667",
"name": "Improper Locking"
},
"notes": [
{
"category": "summary",
"text": "In the Linux kernel, the following vulnerability has been resolved:\r\n\r\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V3.1 or later version",
"product_ids": [
"1",
"2",
"3"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109977557/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3"
]
}
],
"title": "CVE-2024-39476"
}
]
}
CVE-2024-26764 (GCVE-0-2024-26764)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the
following kernel warning appears:
WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8
Call trace:
kiocb_set_cancel_fn+0x9c/0xa8
ffs_epfile_read_iter+0x144/0x1d0
io_read+0x19c/0x498
io_issue_sqe+0x118/0x27c
io_submit_sqes+0x25c/0x5fc
__arm64_sys_io_uring_enter+0x104/0xab0
invoke_syscall+0x58/0x11c
el0_svc_common+0xb4/0xf4
do_el0_svc+0x2c/0xb0
el0_svc+0x2c/0xa4
el0t_64_sync_handler+0x68/0xb4
el0t_64_sync+0x1a4/0x1a8
Fix this by setting the IOCB_AIO_RW flag for read and write I/O that is
submitted by libaio.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:05:37.687851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:01.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/aio.c",
"include/linux/fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "337b543e274fe7a8f47df3c8293cc6686ffa620f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ea1cd64d59f22d6d13f367d62ec6e27b9344695f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7b6fa97ec894edd02f64b83e5e72e1aa352f353",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "18f614369def2a11a52f569fe0f910b199d13487",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e7e23fc5d5fe422827c9a43ecb579448f73876c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1dc7d74fe456944a9b1c57bd776280249f441ac6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b820de741ae48ccf50dd95e297889c286ff4f760",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/aio.c",
"include/linux/fs.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:58.706Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f"
},
{
"url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942"
},
{
"url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f"
},
{
"url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353"
},
{
"url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487"
},
{
"url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7"
},
{
"url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6"
},
{
"url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760"
}
],
"title": "fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26764",
"datePublished": "2024-04-03T17:00:46.962Z",
"dateReserved": "2024-02-19T14:20:24.172Z",
"dateUpdated": "2025-05-04T08:55:58.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52871 (GCVE-0-2023-52871)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: llcc: Handle a second device without data corruption
Usually there is only one llcc device. But if there were a second, even
a failed probe call would modify the global drv_data pointer. So check
if drv_data is valid before overwriting it.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 Version: a3134fb09e0bc5bee76e13bf863173b86f21cf87 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:17:57.620656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:42.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/llcc-qcom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc1a1dcb411fe224f48553cfdcdfe6e61395b69c",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "3565684309e54fa998ea27f37028d67cc3e1dff2",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "1143bfb9b055897975aeaea254da148e19524493",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
},
{
"lessThan": "f1a1bc8775b26345aba2be278118999e7f661d3d",
"status": "affected",
"version": "a3134fb09e0bc5bee76e13bf863173b86f21cf87",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/soc/qcom/llcc-qcom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: llcc: Handle a second device without data corruption\n\nUsually there is only one llcc device. But if there were a second, even\na failed probe call would modify the global drv_data pointer. So check\nif drv_data is valid before overwriting it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:47.112Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc1a1dcb411fe224f48553cfdcdfe6e61395b69c"
},
{
"url": "https://git.kernel.org/stable/c/5e5b85ea0f4bc484bfe4cc73ead51fa48d2366a0"
},
{
"url": "https://git.kernel.org/stable/c/995ee1e84e8db7fa5dcdde7dfe0bd7bb6f9bbb8c"
},
{
"url": "https://git.kernel.org/stable/c/f0ef883cae309bc5e8cdfcdbc1b4822732ce20a8"
},
{
"url": "https://git.kernel.org/stable/c/3565684309e54fa998ea27f37028d67cc3e1dff2"
},
{
"url": "https://git.kernel.org/stable/c/1143bfb9b055897975aeaea254da148e19524493"
},
{
"url": "https://git.kernel.org/stable/c/f1a1bc8775b26345aba2be278118999e7f661d3d"
}
],
"title": "soc: qcom: llcc: Handle a second device without data corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52871",
"datePublished": "2024-05-21T15:32:00.922Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:47.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51782 (GCVE-0-2023-51782)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T21:06:48.195981",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"url": "https://github.com/torvalds/linux/commit/810c38a369a0a0ce625b5c12169abce1dd9ccd53"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51782",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-25T00:00:00",
"dateUpdated": "2024-08-02T22:48:11.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26910 (GCVE-0-2024-26910)
Vulnerability from cvelistv5
Published
2024-04-17 15:59
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix performance regression in swap operation
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 427deb5ba5661c4ae1cfb35955d2e01bd5f3090a Version: e7152a138a5ac77439ff4e7a7533448a7d4c260d Version: 8bb930c3a1eacec1b14817f565ff81667c7c5dfa Version: 875ee3a09e27b7adb7006ca6d16faf7f33415aa5 Version: 23c31036f862582f98386120aee55c9ae23d7899 Version: 28628fa952fefc7f2072ce6e8016968cc452b1ba Version: 28628fa952fefc7f2072ce6e8016968cc452b1ba Version: a12606e5ad0cee8f4ba3ec68561c4d6275d2df57 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T14:01:29.284146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:39.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter/ipset/ip_set.h",
"net/netfilter/ipset/ip_set_bitmap_gen.h",
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_hash_gen.h",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c7f2733e5011bfd136f1ca93497394d43aa76225",
"status": "affected",
"version": "427deb5ba5661c4ae1cfb35955d2e01bd5f3090a",
"versionType": "git"
},
{
"lessThan": "a24d5f2ac8ef702a58e55ec276aad29b4bd97e05",
"status": "affected",
"version": "e7152a138a5ac77439ff4e7a7533448a7d4c260d",
"versionType": "git"
},
{
"lessThan": "c2dc077d8f722a1c73a24e674f925602ee5ece49",
"status": "affected",
"version": "8bb930c3a1eacec1b14817f565ff81667c7c5dfa",
"versionType": "git"
},
{
"lessThan": "653bc5e6d9995d7d5f497c665b321875a626161c",
"status": "affected",
"version": "875ee3a09e27b7adb7006ca6d16faf7f33415aa5",
"versionType": "git"
},
{
"lessThan": "b93a6756a01f4fd2f329a39216f9824c56a66397",
"status": "affected",
"version": "23c31036f862582f98386120aee55c9ae23d7899",
"versionType": "git"
},
{
"lessThan": "970709a67696b100a57b33af1a3d75fc34b747eb",
"status": "affected",
"version": "28628fa952fefc7f2072ce6e8016968cc452b1ba",
"versionType": "git"
},
{
"lessThan": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"status": "affected",
"version": "28628fa952fefc7f2072ce6e8016968cc452b1ba",
"versionType": "git"
},
{
"status": "affected",
"version": "a12606e5ad0cee8f4ba3ec68561c4d6275d2df57",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter/ipset/ip_set.h",
"net/netfilter/ipset/ip_set_bitmap_gen.h",
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_hash_gen.h",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:08.631Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
},
{
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
}
],
"title": "netfilter: ipset: fix performance regression in swap operation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26910",
"datePublished": "2024-04-17T15:59:21.967Z",
"dateReserved": "2024-02-19T14:20:24.188Z",
"dateUpdated": "2025-05-04T12:55:08.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26688 (GCVE-0-2024-26688)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
When configuring a hugetlb filesystem via the fsconfig() syscall, there is
a possible NULL dereference in hugetlbfs_fill_super() caused by assigning
NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize
is non valid.
E.g: Taking the following steps:
fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced
with NULL, losing its previous value, and we will print an error:
...
...
case Opt_pagesize:
ps = memparse(param->string, &rest);
ctx->hstate = h;
if (!ctx->hstate) {
pr_err("Unsupported page size %lu MB\n", ps / SZ_1M);
return -EINVAL;
}
return 0;
...
...
This is a problem because later on, we will dereference ctxt->hstate in
hugetlbfs_fill_super()
...
...
sb->s_blocksize = huge_page_size(ctx->hstate);
...
...
Causing below Oops.
Fix this by replacing cxt->hstate value only when then pagesize is known
to be valid.
kernel: hugetlbfs: Unsupported page size 0 MB
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0
kernel: Oops: 0000 [#1] PREEMPT SMP PTI
kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f
kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017
kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
kernel: Call Trace:
kernel: <TASK>
kernel: ? __die_body+0x1a/0x60
kernel: ? page_fault_oops+0x16f/0x4a0
kernel: ? search_bpf_extables+0x65/0x70
kernel: ? fixup_exception+0x22/0x310
kernel: ? exc_page_fault+0x69/0x150
kernel: ? asm_exc_page_fault+0x22/0x30
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: ? hugetlbfs_fill_super+0xb4/0x1a0
kernel: ? hugetlbfs_fill_super+0x28/0x1a0
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: vfs_get_super+0x40/0xa0
kernel: ? __pfx_bpf_lsm_capable+0x10/0x10
kernel: vfs_get_tree+0x25/0xd0
kernel: vfs_cmd_create+0x64/0xe0
kernel: __x64_sys_fsconfig+0x395/0x410
kernel: do_syscall_64+0x80/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? exc_page_fault+0x69/0x150
kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76
kernel: RIP: 0033:0x7ffbc0cb87c9
kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48
kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af
kernel: RAX: fffffffffff
---truncated---
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 Version: 32021982a324dce93b4ae00c06213bf45fb319c8 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:03.970404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:32.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/hugetlbfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1dde8ef4b7a749ae1bc73617c91775631d167557",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "80d852299987a8037be145a94f41874228f1a773",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "22850c9950a4e43a67299755d11498f3292d02ff",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "2e2c07104b4904aed1389a59b25799b95a85b5b9",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "13c5a9fb07105557a1fa9efdb4f23d7ef30b7274",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "ec78418801ef7b0c22cd6a30145ec480dd48db39",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
},
{
"lessThan": "79d72c68c58784a3e1cd2378669d51bfd0cb7498",
"status": "affected",
"version": "32021982a324dce93b4ae00c06213bf45fb319c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/hugetlbfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\n\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx-\u003ehstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\n\nE.g: Taking the following steps:\n\n fd = fsopen(\"hugetlbfs\", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, \"pagesize\", \"1024\", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\n\nGiven that the requested \"pagesize\" is invalid, ctxt-\u003ehstate will be replaced\nwith NULL, losing its previous value, and we will print an error:\n\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param-\u003estring, \u0026rest);\n ctx-\u003ehstate = h;\n if (!ctx-\u003ehstate) {\n pr_err(\"Unsupported page size %lu MB\\n\", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\n\nThis is a problem because later on, we will dereference ctxt-\u003ehstate in\nhugetlbfs_fill_super()\n\n ...\n ...\n sb-\u003es_blocksize = huge_page_size(ctx-\u003ehstate);\n ...\n ...\n\nCausing below Oops.\n\nFix this by replacing cxt-\u003ehstate value only when then pagesize is known\nto be valid.\n\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 \u003c8b\u003e 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:06.156Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557"
},
{
"url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773"
},
{
"url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff"
},
{
"url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9"
},
{
"url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274"
},
{
"url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39"
},
{
"url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498"
}
],
"title": "fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26688",
"datePublished": "2024-04-03T14:54:49.964Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2025-05-04T08:54:06.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26702 (GCVE-0-2024-26702)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
Recently, we encounter kernel crash in function rm3100_common_probe
caused by out of bound access of array rm3100_samp_rates (because of
underlying hardware failures). Add boundary check to prevent out of
bound access.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 Version: 121354b2eceb2669ebdffa76b105ad6c03413966 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:20:17.184977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:06:19.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iio/magnetometer/rm3100-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7200170e88e3ec54d9e9c63f07514c3cead11481",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "36a49290d7e6d554020057a409747a092b1d3b56",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "8d5838a473e8e6d812257c69745f5920e4924a60",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "176256ff8abff29335ecff905a09fb49e8dcf513",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "1d8c67e94e9e977603473a543d4f322cf2c4aa01",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "57d05dbbcd0b3dc0c252103b43012eef5d6430d1",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
},
{
"lessThan": "792595bab4925aa06532a14dd256db523eb4fa5e",
"status": "affected",
"version": "121354b2eceb2669ebdffa76b105ad6c03413966",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iio/magnetometer/rm3100-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\n\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). Add boundary check to prevent out of\nbound access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:24.314Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481"
},
{
"url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56"
},
{
"url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60"
},
{
"url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513"
},
{
"url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01"
},
{
"url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1"
},
{
"url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e"
}
],
"title": "iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26702",
"datePublished": "2024-04-03T14:55:01.025Z",
"dateReserved": "2024-02-19T14:20:24.157Z",
"dateUpdated": "2025-05-04T08:54:24.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52919 (GCVE-0-2023-52919)
Vulnerability from cvelistv5
Published
2024-10-22 07:37
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
Handle memory allocation failure from nci_skb_alloc() (calling
alloc_skb()) to avoid possible NULL pointer dereference.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 Version: 391d8a2da787257aeaf952c974405b53926e3fb3 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:10:43.843732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:35.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b2edf089df3a69f0072c6e71563394c5a94e62e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "5622592f8f74ae3e594379af02e64ea84772d0dd",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "76050b0cc5a72e0c7493287b7e18e1cb9e3c4612",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "c95fa5b20fe03609e0894656fa43c18045b5097e",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "ffdc881f68073ff86bf21afb9bb954812e8278be",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "d7dbdbe3800a908eecd4975c31be47dd45e2104a",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "bb6cacc439ddd2cd51227ab193f4f91cfc7f014f",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
},
{
"lessThan": "7937609cd387246aed994e81aa4fa951358fba41",
"status": "affected",
"version": "391d8a2da787257aeaf952c974405b53926e3fb3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.11"
},
{
"lessThan": "3.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.137",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.60",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.137",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.60",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.9",
"versionStartIncluding": "3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: fix possible NULL pointer dereference in send_acknowledge()\n\nHandle memory allocation failure from nci_skb_alloc() (calling\nalloc_skb()) to avoid possible NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:59.898Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b2edf089df3a69f0072c6e71563394c5a94e62e"
},
{
"url": "https://git.kernel.org/stable/c/5622592f8f74ae3e594379af02e64ea84772d0dd"
},
{
"url": "https://git.kernel.org/stable/c/76050b0cc5a72e0c7493287b7e18e1cb9e3c4612"
},
{
"url": "https://git.kernel.org/stable/c/c95fa5b20fe03609e0894656fa43c18045b5097e"
},
{
"url": "https://git.kernel.org/stable/c/ffdc881f68073ff86bf21afb9bb954812e8278be"
},
{
"url": "https://git.kernel.org/stable/c/d7dbdbe3800a908eecd4975c31be47dd45e2104a"
},
{
"url": "https://git.kernel.org/stable/c/bb6cacc439ddd2cd51227ab193f4f91cfc7f014f"
},
{
"url": "https://git.kernel.org/stable/c/7937609cd387246aed994e81aa4fa951358fba41"
}
],
"title": "nfc: nci: fix possible NULL pointer dereference in send_acknowledge()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52919",
"datePublished": "2024-10-22T07:37:28.091Z",
"dateReserved": "2024-08-21T06:07:11.017Z",
"dateUpdated": "2025-05-04T07:45:59.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48935 (GCVE-0-2022-48935)
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unregister flowtable hooks on netns exit
Unregister flowtable hooks before they are releases via
nf_tables_flowtable_destroy() otherwise hook core reports UAF.
BUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142
Read of size 4 at addr ffff8880736f7438 by task syz-executor579/3666
CPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
__dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106
dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106
print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247
__kasan_report mm/kasan/report.c:433 [inline]
__kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450
kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450
nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142
__nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429
nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571
nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232
nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]
nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652
nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652
nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652
__nft_release_hook() calls nft_unregister_flowtable_net_hooks() which
only unregisters the hooks, then after RCU grace period, it is
guaranteed that no packets add new entries to the flowtable (no flow
offload rules and flowtable hooks are reachable from packet path), so it
is safe to call nf_flow_table_free() which cleans up the remaining
entries from the flowtable (both software and hardware) and it unbinds
the flow_block.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:32:37.130969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:09.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e51f30826bc5384801df98d76109c94953d1df64",
"status": "affected",
"version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
"versionType": "git"
},
{
"lessThan": "8ffb8ac3448845f65634889b051bd65e4dee484b",
"status": "affected",
"version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
"versionType": "git"
},
{
"lessThan": "b4fcc081e527aa2ce12e956912fc47e251f6bd27",
"status": "affected",
"version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
"versionType": "git"
},
{
"lessThan": "6069da443bf65f513bb507bb21e2f87cfb1ad0b6",
"status": "affected",
"version": "ff4bf2f42a40e7dff28379f085b64df322c70b45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.198",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.26",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.12",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unregister flowtable hooks on netns exit\n\nUnregister flowtable hooks before they are releases via\nnf_tables_flowtable_destroy() otherwise hook core reports UAF.\n\nBUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\nRead of size 4 at addr ffff8880736f7438 by task syz-executor579/3666\n\nCPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n __dump_stack lib/dump_stack.c:88 [inline] lib/dump_stack.c:106\n dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106 lib/dump_stack.c:106\n print_address_description+0x65/0x380 mm/kasan/report.c:247 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n __kasan_report mm/kasan/report.c:433 [inline] mm/kasan/report.c:450\n kasan_report+0x19a/0x1f0 mm/kasan/report.c:450 mm/kasan/report.c:450\n nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142\n __nf_register_net_hook+0x27e/0x8d0 net/netfilter/core.c:429 net/netfilter/core.c:429\n nf_register_net_hook+0xaa/0x180 net/netfilter/core.c:571 net/netfilter/core.c:571\n nft_register_flowtable_net_hooks+0x3c5/0x730 net/netfilter/nf_tables_api.c:7232 net/netfilter/nf_tables_api.c:7232\n nf_tables_newflowtable+0x2022/0x2cf0 net/netfilter/nf_tables_api.c:7430 net/netfilter/nf_tables_api.c:7430\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] net/netfilter/nfnetlink.c:652\n nfnetlink_rcv+0x10e6/0x2550 net/netfilter/nfnetlink.c:652 net/netfilter/nfnetlink.c:652\n\n__nft_release_hook() calls nft_unregister_flowtable_net_hooks() which\nonly unregisters the hooks, then after RCU grace period, it is\nguaranteed that no packets add new entries to the flowtable (no flow\noffload rules and flowtable hooks are reachable from packet path), so it\nis safe to call nf_flow_table_free() which cleans up the remaining\nentries from the flowtable (both software and hardware) and it unbinds\nthe flow_block."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:04.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e51f30826bc5384801df98d76109c94953d1df64"
},
{
"url": "https://git.kernel.org/stable/c/8ffb8ac3448845f65634889b051bd65e4dee484b"
},
{
"url": "https://git.kernel.org/stable/c/b4fcc081e527aa2ce12e956912fc47e251f6bd27"
},
{
"url": "https://git.kernel.org/stable/c/6069da443bf65f513bb507bb21e2f87cfb1ad0b6"
}
],
"title": "netfilter: nf_tables: unregister flowtable hooks on netns exit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48935",
"datePublished": "2024-08-22T03:31:29.598Z",
"dateReserved": "2024-08-21T06:06:23.299Z",
"dateUpdated": "2025-06-19T12:39:04.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52858 (GCVE-0-2023-52858)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3b5e748615e7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.261"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.201"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.139"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.63"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.12"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:00:23.134670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:50:32.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f861b63945e076f9f003a5fad958174096df1ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e964d21dc034b650d719c4ea39564bec72b42f94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a836efc21ef04608333d6d05753e558ebd1f85d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d89430fc3158f872d492f1b88d07262f48290c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fbea47eebff5daeca7d918c99289bcd3ae4dc8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2befa515c1bb6cdd33c262b909d93d1973a219aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "4f861b63945e076f9f003a5fad958174096df1ee",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "e964d21dc034b650d719c4ea39564bec72b42f94",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "a836efc21ef04608333d6d05753e558ebd1f85d0",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "1d89430fc3158f872d492f1b88d07262f48290c0",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "5fbea47eebff5daeca7d918c99289bcd3ae4dc8d",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "2befa515c1bb6cdd33c262b909d93d1973a219aa",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:26.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e8ae4b49dd9cfde69d8de8c0c0cd7cf1b004482e"
},
{
"url": "https://git.kernel.org/stable/c/4f861b63945e076f9f003a5fad958174096df1ee"
},
{
"url": "https://git.kernel.org/stable/c/e964d21dc034b650d719c4ea39564bec72b42f94"
},
{
"url": "https://git.kernel.org/stable/c/a836efc21ef04608333d6d05753e558ebd1f85d0"
},
{
"url": "https://git.kernel.org/stable/c/1d89430fc3158f872d492f1b88d07262f48290c0"
},
{
"url": "https://git.kernel.org/stable/c/5fbea47eebff5daeca7d918c99289bcd3ae4dc8d"
},
{
"url": "https://git.kernel.org/stable/c/2befa515c1bb6cdd33c262b909d93d1973a219aa"
}
],
"title": "clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52858",
"datePublished": "2024-05-21T15:31:51.891Z",
"dateReserved": "2024-05-21T15:19:24.258Z",
"dateUpdated": "2025-05-04T07:44:26.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26663 (GCVE-0-2024-26663)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
syzbot reported the following general protection fault [1]:
general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]
...
RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291
...
Call Trace:
<TASK>
tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646
tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089
genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972
genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]
genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067
netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367
netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
____sys_sendmsg+0x6ac/0x940 net/socket.c:2584
___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
__sys_sendmsg+0x117/0x1e0 net/socket.c:2667
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
The cause of this issue is that when tipc_nl_bearer_add() is called with
the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called
even if the bearer is not UDP.
tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that
the media_ptr field of the tipc_bearer has an udp_bearer type object, so
the function goes crazy for non-UDP bearers.
This patch fixes the issue by checking the bearer type before calling
tipc_udp_nl_bearer_add() in tipc_nl_bearer_add().
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f Version: ef20cd4dd1633987bcf46ac34ace2c8af212361f |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:01:46.365302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:45.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24ec8f0da93b8a9fba11600be8a90f0d73fb46f1",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "6f70f0b412458c622a12d4292782c8e92e210c2f",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "19d7314f2fb9515bdaac9829d4d8eb34edd1fe95",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "3d3a5b31b43515b5752ff282702ca546ec3e48b6",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "888e3524be87f3df9fa3c083484e4b62b3e3bb59",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "0cd331dfd6023640c9669d0592bc0fd491205f87",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
},
{
"lessThan": "3871aa01e1a779d866fa9dfdd5a836f342f4eb87",
"status": "affected",
"version": "ef20cd4dd1633987bcf46ac34ace2c8af212361f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/bearer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()\n\nsyzbot reported the following general protection fault [1]:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]\n...\nRIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n...\nCall Trace:\n \u003cTASK\u003e\n tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972\n genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]\n genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584\n ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638\n __sys_sendmsg+0x117/0x1e0 net/socket.c:2667\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe cause of this issue is that when tipc_nl_bearer_add() is called with\nthe TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called\neven if the bearer is not UDP.\n\ntipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that\nthe media_ptr field of the tipc_bearer has an udp_bearer type object, so\nthe function goes crazy for non-UDP bearers.\n\nThis patch fixes the issue by checking the bearer type before calling\ntipc_udp_nl_bearer_add() in tipc_nl_bearer_add()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:24.984Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24ec8f0da93b8a9fba11600be8a90f0d73fb46f1"
},
{
"url": "https://git.kernel.org/stable/c/6f70f0b412458c622a12d4292782c8e92e210c2f"
},
{
"url": "https://git.kernel.org/stable/c/19d7314f2fb9515bdaac9829d4d8eb34edd1fe95"
},
{
"url": "https://git.kernel.org/stable/c/c1701ea85ef0ec7be6a1b36c7da69f572ed2fd12"
},
{
"url": "https://git.kernel.org/stable/c/3d3a5b31b43515b5752ff282702ca546ec3e48b6"
},
{
"url": "https://git.kernel.org/stable/c/888e3524be87f3df9fa3c083484e4b62b3e3bb59"
},
{
"url": "https://git.kernel.org/stable/c/0cd331dfd6023640c9669d0592bc0fd491205f87"
},
{
"url": "https://git.kernel.org/stable/c/3871aa01e1a779d866fa9dfdd5a836f342f4eb87"
}
],
"title": "tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26663",
"datePublished": "2024-04-02T06:22:12.537Z",
"dateReserved": "2024-02-19T14:20:24.148Z",
"dateUpdated": "2025-05-04T08:53:24.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26788 (GCVE-0-2024-26788)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: init irq after reg initialization
Initialize the qDMA irqs after the registers are configured so that
interrupts that may have been pending from a primary kernel don't get
processed by the irq handler before it is ready to and cause panic with
the following trace:
Call trace:
fsl_qdma_queue_handler+0xf8/0x3e8
__handle_irq_event_percpu+0x78/0x2b0
handle_irq_event_percpu+0x1c/0x68
handle_irq_event+0x44/0x78
handle_fasteoi_irq+0xc8/0x178
generic_handle_irq+0x24/0x38
__handle_domain_irq+0x90/0x100
gic_handle_irq+0x5c/0xb8
el1_irq+0xb8/0x180
_raw_spin_unlock_irqrestore+0x14/0x40
__setup_irq+0x4bc/0x798
request_threaded_irq+0xd8/0x190
devm_request_threaded_irq+0x74/0xe8
fsl_qdma_probe+0x4d4/0xca8
platform_drv_probe+0x50/0xa0
really_probe+0xe0/0x3f8
driver_probe_device+0x64/0x130
device_driver_attach+0x6c/0x78
__driver_attach+0xbc/0x158
bus_for_each_dev+0x5c/0x98
driver_attach+0x20/0x28
bus_add_driver+0x158/0x220
driver_register+0x60/0x110
__platform_driver_register+0x44/0x50
fsl_qdma_driver_init+0x18/0x20
do_one_initcall+0x48/0x258
kernel_init_freeable+0x1a4/0x23c
kernel_init+0x10/0xf8
ret_from_fork+0x10/0x18
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:30:20.690408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:46.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cc5fb824c2125aa3740d905b3e5b378c8a09478",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "9579a21e99fe8dab22a253050ddff28d340d74e1",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "4529c084a320be78ff2c5e64297ae998c6fdf66b",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "474d521da890b3e3585335fb80a6044cb2553d99",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "a69c8bbb946936ac4eb6a6ae1e849435aa8d947d",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "677102a930643c31f1b4c512b041407058bdfef8",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "87a39071e0b639f45e05d296cc0538eef44ec0bd",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don\u0027t get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n Call trace:\n fsl_qdma_queue_handler+0xf8/0x3e8\n __handle_irq_event_percpu+0x78/0x2b0\n handle_irq_event_percpu+0x1c/0x68\n handle_irq_event+0x44/0x78\n handle_fasteoi_irq+0xc8/0x178\n generic_handle_irq+0x24/0x38\n __handle_domain_irq+0x90/0x100\n gic_handle_irq+0x5c/0xb8\n el1_irq+0xb8/0x180\n _raw_spin_unlock_irqrestore+0x14/0x40\n __setup_irq+0x4bc/0x798\n request_threaded_irq+0xd8/0x190\n devm_request_threaded_irq+0x74/0xe8\n fsl_qdma_probe+0x4d4/0xca8\n platform_drv_probe+0x50/0xa0\n really_probe+0xe0/0x3f8\n driver_probe_device+0x64/0x130\n device_driver_attach+0x6c/0x78\n __driver_attach+0xbc/0x158\n bus_for_each_dev+0x5c/0x98\n driver_attach+0x20/0x28\n bus_add_driver+0x158/0x220\n driver_register+0x60/0x110\n __platform_driver_register+0x44/0x50\n fsl_qdma_driver_init+0x18/0x20\n do_one_initcall+0x48/0x258\n kernel_init_freeable+0x1a4/0x23c\n kernel_init+0x10/0xf8\n ret_from_fork+0x10/0x18"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:32.671Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478"
},
{
"url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1"
},
{
"url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b"
},
{
"url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99"
},
{
"url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d"
},
{
"url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8"
},
{
"url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd"
}
],
"title": "dmaengine: fsl-qdma: init irq after reg initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26788",
"datePublished": "2024-04-04T08:20:20.410Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:32.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35827 (GCVE-0-2023-35827)
Vulnerability from cvelistv5
Published
2023-06-18 00:00
Modified
2024-08-02 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/netdev/msg886947.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0003/"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T21:06:49.656909",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.spinics.net/lists/netdev/msg886947.html"
},
{
"url": "https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0003/"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35827",
"datePublished": "2023-06-18T00:00:00",
"dateReserved": "2023-06-18T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52502 (GCVE-0-2023-52502)
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.
Getting a reference on the socket found in a lookup while
holding a lock should happen before releasing the lock.
nfc_llcp_sock_get_sn() has a similar problem.
Finally nfc_llcp_recv_snl() needs to make sure the socket
found by nfc_llcp_sock_from_sn() does not disappear.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 Version: 8f50020ed9b81ba909ce9573f9d05263cdebf502 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:30:02.589366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:59:47.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e863f5720a5680e50c4cecf12424d7cc31b3eb0a",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "7adcf014bda16cdbf804af5c164d94d5d025db2d",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "d888d3f70b0de32b4f51534175f039ddab15eef8",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
},
{
"lessThan": "31c07dffafce914c1d1543c135382a11ff058d93",
"status": "affected",
"version": "8f50020ed9b81ba909ce9573f9d05263cdebf502",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.6"
},
{
"lessThan": "3.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"versionStartIncluding": "3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:07.231Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e863f5720a5680e50c4cecf12424d7cc31b3eb0a"
},
{
"url": "https://git.kernel.org/stable/c/7adcf014bda16cdbf804af5c164d94d5d025db2d"
},
{
"url": "https://git.kernel.org/stable/c/6ac22ecdaad2ecc662048f8c6b0ceb1ca0699ef9"
},
{
"url": "https://git.kernel.org/stable/c/d888d3f70b0de32b4f51534175f039ddab15eef8"
},
{
"url": "https://git.kernel.org/stable/c/e4f2611f07c87b3ddb57c4b9e8efcd1e330fc3dc"
},
{
"url": "https://git.kernel.org/stable/c/d1af8a39cf839d93c8967fdd858f6bbdc3e4a15c"
},
{
"url": "https://git.kernel.org/stable/c/31c07dffafce914c1d1543c135382a11ff058d93"
}
],
"title": "net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52502",
"datePublished": "2024-03-02T21:52:17.218Z",
"dateReserved": "2024-02-20T12:30:33.313Z",
"dateUpdated": "2025-05-04T07:38:07.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52847 (GCVE-0-2023-52847)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: bttv: fix use after free error due to btv->timeout timer
There may be some a race condition between timer function
bttv_irq_timeout and bttv_remove. The timer is setup in
probe and there is no timer_delete operation in remove
function. When it hit kfree btv, the function might still be
invoked, which will cause use after free bug.
This bug is found by static analysis, it may be false positive.
Fix it by adding del_timer_sync invoking to the remove function.
cpu0 cpu1
bttv_probe
->timer_setup
->bttv_set_dma
->mod_timer;
bttv_remove
->kfree(btv);
->bttv_irq_timeout
->USE btv
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 Version: 162e6376ac58440beb6a2d2ee294f5d88ea58dd1 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T19:17:00.085705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T19:41:06.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/bt8xx/bttv-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "b35fdade92c5058a5e727e233fe263b828de2c9a",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "2f3d9198cdae1cb079ec8652f4defacd481eab2b",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "51c94256a83fe4e17406c66ff3e1ad7d242d8574",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "20568d06f6069cb835e05eed432edf962645d226",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "1871014d6ef4812ad11ef7d838d73ce09d632267",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "847599fffa528b2cdec4e21b6bf7586dad982132",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
},
{
"lessThan": "bd5b50b329e850d467e7bcc07b2b6bde3752fbda",
"status": "affected",
"version": "162e6376ac58440beb6a2d2ee294f5d88ea58dd1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/pci/bt8xx/bttv-driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bttv: fix use after free error due to btv-\u003etimeout timer\n\nThere may be some a race condition between timer function\nbttv_irq_timeout and bttv_remove. The timer is setup in\nprobe and there is no timer_delete operation in remove\nfunction. When it hit kfree btv, the function might still be\ninvoked, which will cause use after free bug.\n\nThis bug is found by static analysis, it may be false positive.\n\nFix it by adding del_timer_sync invoking to the remove function.\n\ncpu0 cpu1\n bttv_probe\n -\u003etimer_setup\n -\u003ebttv_set_dma\n -\u003emod_timer;\nbttv_remove\n -\u003ekfree(btv);\n -\u003ebttv_irq_timeout\n -\u003eUSE btv"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:14.058Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bbc3b8dd2cb7817e703f112d988e4f4728f0f2a9"
},
{
"url": "https://git.kernel.org/stable/c/b35fdade92c5058a5e727e233fe263b828de2c9a"
},
{
"url": "https://git.kernel.org/stable/c/2f3d9198cdae1cb079ec8652f4defacd481eab2b"
},
{
"url": "https://git.kernel.org/stable/c/51c94256a83fe4e17406c66ff3e1ad7d242d8574"
},
{
"url": "https://git.kernel.org/stable/c/20568d06f6069cb835e05eed432edf962645d226"
},
{
"url": "https://git.kernel.org/stable/c/1871014d6ef4812ad11ef7d838d73ce09d632267"
},
{
"url": "https://git.kernel.org/stable/c/847599fffa528b2cdec4e21b6bf7586dad982132"
},
{
"url": "https://git.kernel.org/stable/c/bd5b50b329e850d467e7bcc07b2b6bde3752fbda"
}
],
"title": "media: bttv: fix use after free error due to btv-\u003etimeout timer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52847",
"datePublished": "2024-05-21T15:31:44.513Z",
"dateReserved": "2024-05-21T15:19:24.255Z",
"dateUpdated": "2025-05-04T07:44:14.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26845 (GCVE-0-2024-26845)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: target: core: Add TMF to tmr_list handling
An abort that is responded to by iSCSI itself is added to tmr_list but does
not go to target core. A LUN_RESET that goes through tmr_list takes a
refcounter on the abort and waits for completion. However, the abort will
be never complete because it was not started in target core.
Unable to locate ITT: 0x05000000 on CID: 0
Unable to locate RefTaskTag: 0x05000000 on CID: 0.
wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop
...
INFO: task kworker/0:2:49 blocked for more than 491 seconds.
task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800
Workqueue: events target_tmr_work [target_core_mod]
Call Trace:
__switch_to+0x2c4/0x470
_schedule+0x314/0x1730
schedule+0x64/0x130
schedule_timeout+0x168/0x430
wait_for_completion+0x140/0x270
target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]
core_tmr_lun_reset+0x30/0xa0 [target_core_mod]
target_tmr_work+0xc8/0x1b0 [target_core_mod]
process_one_work+0x2d4/0x5d0
worker_thread+0x78/0x6c0
To fix this, only add abort to tmr_list if it will be handled by target
core.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:57:59.068880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:22.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "425a571a7e6fc389954cf2564e1edbba3740e171",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "11f3fe5001ed05721e641f0ecaa7a73b7deb245d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "168ed59170de1fd7274080fe102216162d6826cf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9849b67b4402a12eb35eadc9306c1ef9847d53d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e717bd412001495f17400bfc09f606f1b594ef5a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "36bc5040c863b44af06094b22f1e50059227b9cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "83ab68168a3d990d5ff39ab030ad5754cbbccb25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/target/target_core_device.c",
"drivers/target/target_core_transport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:50.292Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171"
},
{
"url": "https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d"
},
{
"url": "https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf"
},
{
"url": "https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d"
},
{
"url": "https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a"
},
{
"url": "https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb"
},
{
"url": "https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f"
},
{
"url": "https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25"
}
],
"title": "scsi: target: core: Add TMF to tmr_list handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26845",
"datePublished": "2024-04-17T10:10:09.337Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:50.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52835 (GCVE-0-2023-52835)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Bail out early if the request AUX area is out of bound
When perf-record with a large AUX area, e.g 4GB, it fails with:
#perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
failed to mmap with 12 (Cannot allocate memory)
and it reveals a WARNING with __alloc_pages():
------------[ cut here ]------------
WARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248
Call trace:
__alloc_pages+0x1ec/0x248
__kmalloc_large_node+0xc0/0x1f8
__kmalloc_node+0x134/0x1e8
rb_alloc_aux+0xe0/0x298
perf_mmap+0x440/0x660
mmap_region+0x308/0x8a8
do_mmap+0x3c0/0x528
vm_mmap_pgoff+0xf4/0x1b8
ksys_mmap_pgoff+0x18c/0x218
__arm64_sys_mmap+0x38/0x58
invoke_syscall+0x50/0x128
el0_svc_common.constprop.0+0x58/0x188
do_el0_svc+0x34/0x50
el0_svc+0x34/0x108
el0t_64_sync_handler+0xb8/0xc0
el0t_64_sync+0x1a4/0x1a8
'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to
maintains AUX trace pages. The allocated page for this array is physically
contiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the
size of pointer array crosses the limitation set by MAX_ORDER, it reveals a
WARNING.
So bail out early with -ENOMEM if the request AUX area is out of bound,
e.g.:
#perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1
failed to mmap with 12 (Cannot allocate memory)
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:37.546418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c504f615d7ed60ae035c51d0c789137ced6797f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "788c0b3442ead737008934947730a6d1ff703734",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a2a4202c60fcdffbf04f259002ce9bff39edece",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd0df3f8719201dbe61a4d39083d5aecd705399a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ce4e87a8efd37c85766ec08b15e885cab08553a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2424410f94a94d91230ced094062d859714c984a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e905e608e38cf7f8dcddcf8a6036e91a78444cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54aee5f15b83437f23b2b2469bcf21bdd9823916",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/ring_buffer.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n\u0027rb-\u003eaux_pages\u0027 allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:00.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f"
},
{
"url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734"
},
{
"url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece"
},
{
"url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a"
},
{
"url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a"
},
{
"url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a"
},
{
"url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb"
},
{
"url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916"
}
],
"title": "perf/core: Bail out early if the request AUX area is out of bound",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52835",
"datePublished": "2024-05-21T15:31:36.239Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:44:00.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52637 (GCVE-0-2023-52637)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)
modifies jsk->filters while receiving packets.
Following trace was seen on affected system:
==================================================================
BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
Read of size 4 at addr ffff888012144014 by task j1939/350
CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
print_report+0xd3/0x620
? kasan_complete_mode_report_info+0x7d/0x200
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
kasan_report+0xc2/0x100
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
__asan_load4+0x84/0xb0
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
j1939_sk_recv+0x20b/0x320 [can_j1939]
? __kasan_check_write+0x18/0x20
? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]
? j1939_simple_recv+0x69/0x280 [can_j1939]
? j1939_ac_recv+0x5e/0x310 [can_j1939]
j1939_can_recv+0x43f/0x580 [can_j1939]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
? raw_rcv+0x42/0x3c0 [can_raw]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
can_rcv_filter+0x11f/0x350 [can]
can_receive+0x12f/0x190 [can]
? __pfx_can_rcv+0x10/0x10 [can]
can_rcv+0xdd/0x130 [can]
? __pfx_can_rcv+0x10/0x10 [can]
__netif_receive_skb_one_core+0x13d/0x150
? __pfx___netif_receive_skb_one_core+0x10/0x10
? __kasan_check_write+0x18/0x20
? _raw_spin_lock_irq+0x8c/0xe0
__netif_receive_skb+0x23/0xb0
process_backlog+0x107/0x260
__napi_poll+0x69/0x310
net_rx_action+0x2a1/0x580
? __pfx_net_rx_action+0x10/0x10
? __pfx__raw_spin_lock+0x10/0x10
? handle_irq_event+0x7d/0xa0
__do_softirq+0xf3/0x3f8
do_softirq+0x53/0x80
</IRQ>
<TASK>
__local_bh_enable_ip+0x6e/0x70
netif_rx+0x16b/0x180
can_send+0x32b/0x520 [can]
? __pfx_can_send+0x10/0x10 [can]
? __check_object_size+0x299/0x410
raw_sendmsg+0x572/0x6d0 [can_raw]
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
? apparmor_socket_sendmsg+0x2f/0x40
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
sock_sendmsg+0xef/0x100
sock_write_iter+0x162/0x220
? __pfx_sock_write_iter+0x10/0x10
? __rtnl_unlock+0x47/0x80
? security_file_permission+0x54/0x320
vfs_write+0x6ba/0x750
? __pfx_vfs_write+0x10/0x10
? __fget_light+0x1ca/0x1f0
? __rcu_read_unlock+0x5b/0x280
ksys_write+0x143/0x170
? __pfx_ksys_write+0x10/0x10
? __kasan_check_read+0x15/0x20
? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60
do_syscall_64+0x60/0x90
? do_syscall_64+0x6d/0x90
? irqentry_exit+0x3f/0x50
? exc_page_fault+0x79/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Allocated by task 348:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0
__kmalloc_node_track_caller+0x67/0x160
j1939_sk_setsockopt+0x284/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Freed by task 349:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_free_info+0x2f/0x50
__kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380
kfree+0x7a/0x120
j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c Version: 9d71dd0c70099914fcd063135da3c580865e924c |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:45:26.968713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:58.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "08de58abedf6e69396e1207e4f99ef8904b2b532",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "978e50ef8c38dc71bd14d1b0143d554ff5d188ba",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "41ccb5bcbf03f02d820bc6ea8390811859f558f8",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "f84e7534457dcd7835be743517c35378bb4e7c50",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "fc74b9cb789cae061bbca7b203a3842e059f6b5d",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
},
{
"lessThan": "efe7cf828039aedb297c1f9920b638fffee6aabc",
"status": "affected",
"version": "9d71dd0c70099914fcd063135da3c580865e924c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/can/j1939/j1939-priv.h",
"net/can/j1939/socket.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)\n\nLock jsk-\u003esk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)\nmodifies jsk-\u003efilters while receiving packets.\n\nFollowing trace was seen on affected system:\n ==================================================================\n BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n Read of size 4 at addr ffff888012144014 by task j1939/350\n\n CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n Call Trace:\n print_report+0xd3/0x620\n ? kasan_complete_mode_report_info+0x7d/0x200\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n kasan_report+0xc2/0x100\n ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n __asan_load4+0x84/0xb0\n j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]\n j1939_sk_recv+0x20b/0x320 [can_j1939]\n ? __kasan_check_write+0x18/0x20\n ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]\n ? j1939_simple_recv+0x69/0x280 [can_j1939]\n ? j1939_ac_recv+0x5e/0x310 [can_j1939]\n j1939_can_recv+0x43f/0x580 [can_j1939]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n ? raw_rcv+0x42/0x3c0 [can_raw]\n ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]\n can_rcv_filter+0x11f/0x350 [can]\n can_receive+0x12f/0x190 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n can_rcv+0xdd/0x130 [can]\n ? __pfx_can_rcv+0x10/0x10 [can]\n __netif_receive_skb_one_core+0x13d/0x150\n ? __pfx___netif_receive_skb_one_core+0x10/0x10\n ? __kasan_check_write+0x18/0x20\n ? _raw_spin_lock_irq+0x8c/0xe0\n __netif_receive_skb+0x23/0xb0\n process_backlog+0x107/0x260\n __napi_poll+0x69/0x310\n net_rx_action+0x2a1/0x580\n ? __pfx_net_rx_action+0x10/0x10\n ? __pfx__raw_spin_lock+0x10/0x10\n ? handle_irq_event+0x7d/0xa0\n __do_softirq+0xf3/0x3f8\n do_softirq+0x53/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x6e/0x70\n netif_rx+0x16b/0x180\n can_send+0x32b/0x520 [can]\n ? __pfx_can_send+0x10/0x10 [can]\n ? __check_object_size+0x299/0x410\n raw_sendmsg+0x572/0x6d0 [can_raw]\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n ? apparmor_socket_sendmsg+0x2f/0x40\n ? __pfx_raw_sendmsg+0x10/0x10 [can_raw]\n sock_sendmsg+0xef/0x100\n sock_write_iter+0x162/0x220\n ? __pfx_sock_write_iter+0x10/0x10\n ? __rtnl_unlock+0x47/0x80\n ? security_file_permission+0x54/0x320\n vfs_write+0x6ba/0x750\n ? __pfx_vfs_write+0x10/0x10\n ? __fget_light+0x1ca/0x1f0\n ? __rcu_read_unlock+0x5b/0x280\n ksys_write+0x143/0x170\n ? __pfx_ksys_write+0x10/0x10\n ? __kasan_check_read+0x15/0x20\n ? fpregs_assert_state_consistent+0x62/0x70\n __x64_sys_write+0x47/0x60\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6d/0x90\n ? irqentry_exit+0x3f/0x50\n ? exc_page_fault+0x79/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Allocated by task 348:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_alloc_info+0x1f/0x30\n __kasan_kmalloc+0xb5/0xc0\n __kmalloc_node_track_caller+0x67/0x160\n j1939_sk_setsockopt+0x284/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\n Freed by task 349:\n kasan_save_stack+0x2a/0x50\n kasan_set_track+0x29/0x40\n kasan_save_free_info+0x2f/0x50\n __kasan_slab_free+0x12e/0x1c0\n __kmem_cache_free+0x1b9/0x380\n kfree+0x7a/0x120\n j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]\n __sys_setsockopt+0x15c/0x2f0\n __x64_sys_setsockopt+0x6b/0x80\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:29.900Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/08de58abedf6e69396e1207e4f99ef8904b2b532"
},
{
"url": "https://git.kernel.org/stable/c/978e50ef8c38dc71bd14d1b0143d554ff5d188ba"
},
{
"url": "https://git.kernel.org/stable/c/41ccb5bcbf03f02d820bc6ea8390811859f558f8"
},
{
"url": "https://git.kernel.org/stable/c/4dd684d4bb3cd5454e0bf6e2a1bdfbd5c9c872ed"
},
{
"url": "https://git.kernel.org/stable/c/f84e7534457dcd7835be743517c35378bb4e7c50"
},
{
"url": "https://git.kernel.org/stable/c/fc74b9cb789cae061bbca7b203a3842e059f6b5d"
},
{
"url": "https://git.kernel.org/stable/c/efe7cf828039aedb297c1f9920b638fffee6aabc"
}
],
"title": "can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52637",
"datePublished": "2024-04-03T14:54:40.262Z",
"dateReserved": "2024-03-06T09:52:12.093Z",
"dateUpdated": "2025-05-04T07:40:29.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26684 (GCVE-0-2024-26684)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: stmmac: xgmac: fix handling of DPP safety error for DMA channels
Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in
XGMAC core") checks and reports safety errors, but leaves the
Data Path Parity Errors for each channel in DMA unhandled at all, lead to
a storm of interrupt.
Fix it by checking and clearing the DMA_DPP_Interrupt_Status register.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 Version: 56e58d6c8a5640eb708e85866e9d243d0357ee54 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:13.472290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:33.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e9837c83befb5b852fa76425dde98a87b737df00",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "2fc45a4631ac7837a5c497cb4f7e2115d950fc37",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "6609e98ed82966a1b3168c142aca30f8284a7b89",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "e42ff0844fe418c7d03a14f9f90e1b91ba119591",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "7e0ff50131e9d1aa507be8e670d38e9300a5f5bf",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "3b48c9e258c8691c2f093ee07b1ea3764caaa1b2",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
},
{
"lessThan": "46eba193d04f8bd717e525eb4110f3c46c12aec3",
"status": "affected",
"version": "56e58d6c8a5640eb708e85866e9d243d0357ee54",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/stmicro/stmmac/common.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2.h",
"drivers/net/ethernet/stmicro/stmmac/dwxgmac2_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels\n\nCommit 56e58d6c8a56 (\"net: stmmac: Implement Safety Features in\nXGMAC core\") checks and reports safety errors, but leaves the\nData Path Parity Errors for each channel in DMA unhandled at all, lead to\na storm of interrupt.\nFix it by checking and clearing the DMA_DPP_Interrupt_Status register."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:59.612Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e9837c83befb5b852fa76425dde98a87b737df00"
},
{
"url": "https://git.kernel.org/stable/c/2fc45a4631ac7837a5c497cb4f7e2115d950fc37"
},
{
"url": "https://git.kernel.org/stable/c/6609e98ed82966a1b3168c142aca30f8284a7b89"
},
{
"url": "https://git.kernel.org/stable/c/e42ff0844fe418c7d03a14f9f90e1b91ba119591"
},
{
"url": "https://git.kernel.org/stable/c/7e0ff50131e9d1aa507be8e670d38e9300a5f5bf"
},
{
"url": "https://git.kernel.org/stable/c/3b48c9e258c8691c2f093ee07b1ea3764caaa1b2"
},
{
"url": "https://git.kernel.org/stable/c/46eba193d04f8bd717e525eb4110f3c46c12aec3"
}
],
"title": "net: stmmac: xgmac: fix handling of DPP safety error for DMA channels",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26684",
"datePublished": "2024-04-02T07:01:46.687Z",
"dateReserved": "2024-02-19T14:20:24.153Z",
"dateUpdated": "2025-05-04T08:53:59.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52753 (GCVE-0-2023-52753)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-07-11 17:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Avoid NULL dereference of timing generator
[Why & How]
Check whether assigned timing generator is NULL or not before
accessing its funcs to prevent NULL dereference.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c Version: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:43:36.953665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:11.593Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "09909f515032fa80b921fd3118efe66b185d10fd",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "eac3e4760aa12159f7f5475d55a67b7933abc195",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "79b6a90f4f2433312154cd68452b0ba501fa74db",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "4e497f1acd99075b13605b2e7fa0cba721a2cfd9",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "8a06894666e0b462c9316b26ab615cefdd0d676c",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "6d8653b1a7a8dc938b566ae8c4f373b36e792c68",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "df8bc953eed72371e43ca407bd063507f760cf89",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
},
{
"lessThan": "b1904ed480cee3f9f4036ea0e36d139cb5fee2d6",
"status": "affected",
"version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/core/dc_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid NULL dereference of timing generator\n\n[Why \u0026 How]\nCheck whether assigned timing generator is NULL or not before\naccessing its funcs to prevent NULL dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:19:34.797Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd"
},
{
"url": "https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195"
},
{
"url": "https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db"
},
{
"url": "https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9"
},
{
"url": "https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c"
},
{
"url": "https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68"
},
{
"url": "https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89"
},
{
"url": "https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb5fee2d6"
}
],
"title": "drm/amd/display: Avoid NULL dereference of timing generator",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52753",
"datePublished": "2024-05-21T15:30:41.548Z",
"dateReserved": "2024-05-21T15:19:24.234Z",
"dateUpdated": "2025-07-11T17:19:34.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52873 (GCVE-0-2023-52873)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 Version: 710774e048614c761a39a98e8d0fa75f688c83b6 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:20:52.471859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:59.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6779.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fbe466f06d4ea18745da0d57540539b7b36936ae",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "3994387ba3564976731179c4d4a6d7850ddda71a",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "ca6d565a2319d69d9766e6ecbb5af827fc4afb2b",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "a90239551abc181687f8c0ba60b276f7d75c141e",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
},
{
"lessThan": "1f57f78fbacf630430bf954e5a84caafdfea30c0",
"status": "affected",
"version": "710774e048614c761a39a98e8d0fa75f688c83b6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6779.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:49.415Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae"
},
{
"url": "https://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a"
},
{
"url": "https://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b"
},
{
"url": "https://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e"
},
{
"url": "https://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e"
},
{
"url": "https://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b"
},
{
"url": "https://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0"
}
],
"title": "clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52873",
"datePublished": "2024-05-21T15:32:07.253Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:49.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51779 (GCVE-0-2023-51779)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-29 18:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T17:06:18.646179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:54:00.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:06:56.480871",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768"
},
{
"name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3841-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51779",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-25T00:00:00",
"dateUpdated": "2024-08-29T18:54:00.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52819 (GCVE-0-2023-52819)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
For pptable structs that use flexible array sizes, use flexible arrays.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:21:07.724623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T19:06:09.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60a00dfc7c5deafd1dd393beaf53224f7256dad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d50a56749e5afdc63491b88f5153c1aae00d4679"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c1dbddbfcb051e82cea0c197c620f9dcdc38e92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a237675aa1e62bbfaa341c535331c8656a508fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0725232da777840703f5f1e22f2e3081d712aa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c68283f3166221af3df5791f0e13d3137a72216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3b8b7c040cf069da7afe11c5bd73b870b8f3d18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f0e59075b5c22f1e871fbd508d6e4f495048356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "60a00dfc7c5deafd1dd393beaf53224f7256dad6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d50a56749e5afdc63491b88f5153c1aae00d4679",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c1dbddbfcb051e82cea0c197c620f9dcdc38e92",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a237675aa1e62bbfaa341c535331c8656a508fa1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0725232da777840703f5f1e22f2e3081d712aa4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c68283f3166221af3df5791f0e13d3137a72216",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b3b8b7c040cf069da7afe11c5bd73b870b8f3d18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f0e59075b5c22f1e871fbd508d6e4f495048356",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga\n\nFor pptable structs that use flexible array sizes, use flexible arrays."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:47.544Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/60a00dfc7c5deafd1dd393beaf53224f7256dad6"
},
{
"url": "https://git.kernel.org/stable/c/a63fd579e7b1c3a9ebd6e6c494d49b1b6cf5515e"
},
{
"url": "https://git.kernel.org/stable/c/d50a56749e5afdc63491b88f5153c1aae00d4679"
},
{
"url": "https://git.kernel.org/stable/c/8c1dbddbfcb051e82cea0c197c620f9dcdc38e92"
},
{
"url": "https://git.kernel.org/stable/c/a237675aa1e62bbfaa341c535331c8656a508fa1"
},
{
"url": "https://git.kernel.org/stable/c/d0725232da777840703f5f1e22f2e3081d712aa4"
},
{
"url": "https://git.kernel.org/stable/c/7c68283f3166221af3df5791f0e13d3137a72216"
},
{
"url": "https://git.kernel.org/stable/c/b3b8b7c040cf069da7afe11c5bd73b870b8f3d18"
},
{
"url": "https://git.kernel.org/stable/c/0f0e59075b5c22f1e871fbd508d6e4f495048356"
}
],
"title": "drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52819",
"datePublished": "2024-05-21T15:31:25.582Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:47.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52796 (GCVE-0-2023-52796)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipvlan: add ipvlan_route_v6_outbound() helper
Inspired by syzbot reports using a stack of multiple ipvlan devices.
Reduce stack size needed in ipvlan_process_v6_outbound() by moving
the flowi6 struct used for the route lookup in an non inlined
helper. ipvlan_route_v6_outbound() needs 120 bytes on the stack,
immediately reclaimed.
Also make sure ipvlan_process_v4_outbound() is not inlined.
We might also have to lower MAX_NEST_DEV, because only syzbot uses
setups with more than four stacked devices.
BUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000)
stack guard page: 0000 [#1] SMP KASAN
CPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
RIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188
Code: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89
RSP: 0018:ffffc9000e804000 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568
RBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c
R13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000
FS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<#DF>
</#DF>
<TASK>
[<ffffffff81f281d1>] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31
[<ffffffff817e5bf2>] instrument_atomic_read include/linux/instrumented.h:72 [inline]
[<ffffffff817e5bf2>] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
[<ffffffff817e5bf2>] cpumask_test_cpu include/linux/cpumask.h:506 [inline]
[<ffffffff817e5bf2>] cpu_online include/linux/cpumask.h:1092 [inline]
[<ffffffff817e5bf2>] trace_lock_acquire include/trace/events/lock.h:24 [inline]
[<ffffffff817e5bf2>] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632
[<ffffffff8563221e>] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306
[<ffffffff8561464d>] rcu_read_lock include/linux/rcupdate.h:747 [inline]
[<ffffffff8561464d>] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221
[<ffffffff85618120>] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606
[<ffffffff856f65b5>] pol_lookup_func include/net/ip6_fib.h:584 [inline]
[<ffffffff856f65b5>] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116
[<ffffffff85618009>] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638
[<ffffffff8561821a>] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651
[<ffffffff838bd5a3>] ip6_route_output include/net/ip6_route.h:100 [inline]
[<ffffffff838bd5a3>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline]
[<ffffffff838bd5a3>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]
[<ffffffff838bd5a3>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]
[<ffffffff838bd5a3>] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677
[<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229
[<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline]
[<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline]
[<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660
[<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324
[<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline]
[<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline]
[<f
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 Version: 2ad7bf3638411cb547f2823df08166c13ab04269 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:45:36.487225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:52.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f7f850611aa27aaaf1bf5687702ad2240ae442a",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "4d2d30f0792b47908af64c4d02ed1ee25ff50542",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "43b781e7cb5cd0b435de276111953bf2bacd1f02",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "732a67ca436887b594ebc43bb5a04ffb0971a760",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "8872dc638c24bb774cd2224a69d72a7f661a4d56",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "03cddc4df8c6be47fd27c8f8b87e5f9a989e1458",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
},
{
"lessThan": "18f039428c7df183b09c69ebf10ffd4e521035d2",
"status": "affected",
"version": "2ad7bf3638411cb547f2823df08166c13ab04269",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ipvlan/ipvlan_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: add ipvlan_route_v6_outbound() helper\n\nInspired by syzbot reports using a stack of multiple ipvlan devices.\n\nReduce stack size needed in ipvlan_process_v6_outbound() by moving\nthe flowi6 struct used for the route lookup in an non inlined\nhelper. ipvlan_route_v6_outbound() needs 120 bytes on the stack,\nimmediately reclaimed.\n\nAlso make sure ipvlan_process_v4_outbound() is not inlined.\n\nWe might also have to lower MAX_NEST_DEV, because only syzbot uses\nsetups with more than four stacked devices.\n\nBUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000)\nstack guard page: 0000 [#1] SMP KASAN\nCPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023\nRIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188\nCode: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 \u003c41\u003e 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89\nRSP: 0018:ffffc9000e804000 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2\nRDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568\nRBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c\nR13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000\nFS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003c#DF\u003e\n\u003c/#DF\u003e\n\u003cTASK\u003e\n[\u003cffffffff81f281d1\u003e] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31\n[\u003cffffffff817e5bf2\u003e] instrument_atomic_read include/linux/instrumented.h:72 [inline]\n[\u003cffffffff817e5bf2\u003e] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]\n[\u003cffffffff817e5bf2\u003e] cpumask_test_cpu include/linux/cpumask.h:506 [inline]\n[\u003cffffffff817e5bf2\u003e] cpu_online include/linux/cpumask.h:1092 [inline]\n[\u003cffffffff817e5bf2\u003e] trace_lock_acquire include/trace/events/lock.h:24 [inline]\n[\u003cffffffff817e5bf2\u003e] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632\n[\u003cffffffff8563221e\u003e] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306\n[\u003cffffffff8561464d\u003e] rcu_read_lock include/linux/rcupdate.h:747 [inline]\n[\u003cffffffff8561464d\u003e] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221\n[\u003cffffffff85618120\u003e] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606\n[\u003cffffffff856f65b5\u003e] pol_lookup_func include/net/ip6_fib.h:584 [inline]\n[\u003cffffffff856f65b5\u003e] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116\n[\u003cffffffff85618009\u003e] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638\n[\u003cffffffff8561821a\u003e] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651\n[\u003cffffffff838bd5a3\u003e] ip6_route_output include/net/ip6_route.h:100 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n[\u003cffffffff838bd5a3\u003e] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677\n[\u003cffffffff838c2909\u003e] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229\n[\u003cffffffff84d03900\u003e] netdev_start_xmit include/linux/netdevice.h:4966 [inline]\n[\u003cffffffff84d03900\u003e] xmit_one net/core/dev.c:3644 [inline]\n[\u003cffffffff84d03900\u003e] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660\n[\u003cffffffff84d080e2\u003e] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[\u003cffffffff855ce4cd\u003e] dev_queue_xmit include/linux/netdevice.h:3067 [inline]\n[\u003cffffffff855ce4cd\u003e] neigh_hh_output include/net/neighbour.h:529 [inline]\n[\u003cf\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:21.587Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f7f850611aa27aaaf1bf5687702ad2240ae442a"
},
{
"url": "https://git.kernel.org/stable/c/4d2d30f0792b47908af64c4d02ed1ee25ff50542"
},
{
"url": "https://git.kernel.org/stable/c/43b781e7cb5cd0b435de276111953bf2bacd1f02"
},
{
"url": "https://git.kernel.org/stable/c/1f64cad3ac38ac5978b53c40e6c5e6fd3477c68f"
},
{
"url": "https://git.kernel.org/stable/c/732a67ca436887b594ebc43bb5a04ffb0971a760"
},
{
"url": "https://git.kernel.org/stable/c/8872dc638c24bb774cd2224a69d72a7f661a4d56"
},
{
"url": "https://git.kernel.org/stable/c/03cddc4df8c6be47fd27c8f8b87e5f9a989e1458"
},
{
"url": "https://git.kernel.org/stable/c/18f039428c7df183b09c69ebf10ffd4e521035d2"
}
],
"title": "ipvlan: add ipvlan_route_v6_outbound() helper",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52796",
"datePublished": "2024-05-21T15:31:10.290Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:21.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52622 (GCVE-0-2023-52622)
Vulnerability from cvelistv5
Published
2024-03-26 17:19
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid online resizing failures due to oversized flex bg
When we online resize an ext4 filesystem with a oversized flexbg_size,
mkfs.ext4 -F -G 67108864 $dev -b 4096 100M
mount $dev $dir
resize2fs $dev 16G
the following WARN_ON is triggered:
==================================================================
WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550
Modules linked in: sg(E)
CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314
RIP: 0010:__alloc_pages+0x411/0x550
Call Trace:
<TASK>
__kmalloc_large_node+0xa2/0x200
__kmalloc+0x16e/0x290
ext4_resize_fs+0x481/0xd80
__ext4_ioctl+0x1616/0x1d90
ext4_ioctl+0x12/0x20
__x64_sys_ioctl+0xf0/0x150
do_syscall_64+0x3b/0x90
==================================================================
This is because flexbg_size is too large and the size of the new_group_data
array to be allocated exceeds MAX_ORDER. Currently, the minimum value of
MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding
maximum number of groups that can be allocated is:
(PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845
And the value that is down-aligned to the power of 2 is 16384. Therefore,
this value is defined as MAX_RESIZE_BG, and the number of groups added
each time does not exceed this value during resizing, and is added multiple
times to complete the online resizing. The difference is that the metadata
in a flex_bg may be more dispersed.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T19:32:18.763669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T19:32:30.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cd1f93ca97a9136989f3bd2bf90696732a2ed644",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b183fe8702e78bba3dcef8e7193cab6898abee07",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfbbb3199e71b63fc26cee0ebff327c47128a1e8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d2cbf517dcabc093159cf138ad5712c9c7fa954",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b1413dbfe49646eda2c00c0f1144ee9d3368e0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dc3e0f55bec4410f3d74352c4a7c79f518088ee2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5d1935ac02ca5aee364a449a35e2977ea84509b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/resize.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n \u003cTASK\u003e\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE \u003c\u003c MAX_ORDER) / sizeof(struct ext4_new_group_data) \u2248 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:10.143Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
},
{
"url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
},
{
"url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
},
{
"url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
},
{
"url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
},
{
"url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
},
{
"url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
},
{
"url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
}
],
"title": "ext4: avoid online resizing failures due to oversized flex bg",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52622",
"datePublished": "2024-03-26T17:19:23.838Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-04T07:40:10.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52799 (GCVE-0-2023-52799)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbFindLeaf
Currently while searching for dmtree_t for sufficient free blocks there
is an array out of bounds while getting element in tp->dm_stree. To add
the required check for out of bound we first need to determine the type
of dmtree. Thus added an extra parameter to dbFindLeaf so that the type
of tree can be determined and the required check can be applied.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:20:55.514685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:02.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20f9310a18e3e99fc031e036fcbed67105ae1859",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "86df90f3fea7c5591f05c8a0010871d435e83046",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ecfb47f13b08b02cf28b7b50d4941eefa21954d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "81aa58cd8495b8c3b527f58ccbe19478d8087f61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a50b796d36719757526ee094c703378895ab5e67",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88b7894a8f8705bf4e7ea90b10229376abf14514",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "87c681ab49e99039ff2dd3e71852417381b13878",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22cad8bc1d36547cdae0eef316c47d917ce3147c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbFindLeaf\n\nCurrently while searching for dmtree_t for sufficient free blocks there\nis an array out of bounds while getting element in tp-\u003edm_stree. To add\nthe required check for out of bound we first need to determine the type\nof dmtree. Thus added an extra parameter to dbFindLeaf so that the type\nof tree can be determined and the required check can be applied."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:25.356Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859"
},
{
"url": "https://git.kernel.org/stable/c/86df90f3fea7c5591f05c8a0010871d435e83046"
},
{
"url": "https://git.kernel.org/stable/c/ecfb47f13b08b02cf28b7b50d4941eefa21954d2"
},
{
"url": "https://git.kernel.org/stable/c/81aa58cd8495b8c3b527f58ccbe19478d8087f61"
},
{
"url": "https://git.kernel.org/stable/c/da3da5e1e6f71c21d8e6149d7076d936ef5d4cb9"
},
{
"url": "https://git.kernel.org/stable/c/a50b796d36719757526ee094c703378895ab5e67"
},
{
"url": "https://git.kernel.org/stable/c/88b7894a8f8705bf4e7ea90b10229376abf14514"
},
{
"url": "https://git.kernel.org/stable/c/87c681ab49e99039ff2dd3e71852417381b13878"
},
{
"url": "https://git.kernel.org/stable/c/22cad8bc1d36547cdae0eef316c47d917ce3147c"
}
],
"title": "jfs: fix array-index-out-of-bounds in dbFindLeaf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52799",
"datePublished": "2024-05-21T15:31:12.351Z",
"dateReserved": "2024-05-21T15:19:24.246Z",
"dateUpdated": "2025-05-04T07:43:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52836 (GCVE-0-2023-52836)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
locking/ww_mutex/test: Fix potential workqueue corruption
In some cases running with the test-ww_mutex code, I was seeing
odd behavior where sometimes it seemed flush_workqueue was
returning before all the work threads were finished.
Often this would cause strange crashes as the mutexes would be
freed while they were being used.
Looking at the code, there is a lifetime problem as the
controlling thread that spawns the work allocates the
"struct stress" structures that are passed to the workqueue
threads. Then when the workqueue threads are finished,
they free the stress struct that was passed to them.
Unfortunately the workqueue work_struct node is in the stress
struct. Which means the work_struct is freed before the work
thread returns and while flush_workqueue is waiting.
It seems like a better idea to have the controlling thread
both allocate and free the stress structures, so that we can
be sure we don't corrupt the workqueue by freeing the structure
prematurely.
So this patch reworks the test to do so, and with this change
I no longer see the early flush_workqueue returns.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T19:05:10.965267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:59.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/locking/test-ww_mutex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4d37c9e6a4dbcca958dabd99216550525c7e389",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d8267cabbe1bed15ccf8b0e684c528bf8eeef715",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dcd85e3c929368076a7592b27f541e0da8b427f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9ed2d68b3925145f5f51c46559484881d6082f75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e89d0ed45a419c485bae999426ecf92697cbdda3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c56df79d68677cf062da1b6e3b33e74299a92dfc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e36407713163363e65566e7af0abe207d5f59a0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "304a2c4aad0fff887ce493e4197bf9cbaf394479",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bccdd808902f8c677317cec47c306e42b93b849e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/locking/test-ww_mutex.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/ww_mutex/test: Fix potential workqueue corruption\n\nIn some cases running with the test-ww_mutex code, I was seeing\nodd behavior where sometimes it seemed flush_workqueue was\nreturning before all the work threads were finished.\n\nOften this would cause strange crashes as the mutexes would be\nfreed while they were being used.\n\nLooking at the code, there is a lifetime problem as the\ncontrolling thread that spawns the work allocates the\n\"struct stress\" structures that are passed to the workqueue\nthreads. Then when the workqueue threads are finished,\nthey free the stress struct that was passed to them.\n\nUnfortunately the workqueue work_struct node is in the stress\nstruct. Which means the work_struct is freed before the work\nthread returns and while flush_workqueue is waiting.\n\nIt seems like a better idea to have the controlling thread\nboth allocate and free the stress structures, so that we can\nbe sure we don\u0027t corrupt the workqueue by freeing the structure\nprematurely.\n\nSo this patch reworks the test to do so, and with this change\nI no longer see the early flush_workqueue returns."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:01.742Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389"
},
{
"url": "https://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715"
},
{
"url": "https://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5"
},
{
"url": "https://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75"
},
{
"url": "https://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3"
},
{
"url": "https://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc"
},
{
"url": "https://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c"
},
{
"url": "https://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479"
},
{
"url": "https://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e"
}
],
"title": "locking/ww_mutex/test: Fix potential workqueue corruption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52836",
"datePublished": "2024-05-21T15:31:37.174Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:44:01.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26752 (GCVE-0-2024-26752)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
l2tp: pass correct message length to ip6_append_data
l2tp_ip6_sendmsg needs to avoid accounting for the transport header
twice when splicing more data into an already partially-occupied skbuff.
To manage this, we check whether the skbuff contains data using
skb_queue_empty when deciding how much data to append using
ip6_append_data.
However, the code which performed the calculation was incorrect:
ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;
...due to C operator precedence, this ends up setting ulen to
transhdrlen for messages with a non-zero length, which results in
corrupted packets on the wire.
Add parentheses to correct the calculation in line with the original
intent.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 559d697c5d072593d22b3e0bd8b8081108aeaf59 Version: 1fc793d68d50dee4782ef2e808913d5dd880bcc6 Version: 96b2e1090397217839fcd6c9b6d8f5d439e705ed Version: cd1189956393bf850b2e275e37411855d3bd86bb Version: f6a7182179c0ed788e3755ee2ed18c888ddcc33f Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 9d4c75800f61e5d75c1659ba201b6c0c7ead3070 Version: 7626b9fed53092aa2147978070e610ecb61af844 Version: fe80658c08e3001c80c5533cd41abfbb0e0e28fd |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:05:57.024676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:58.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/l2tp/l2tp_ip6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c3ce64bc9d36ca9164dd6c77ff144c121011aae",
"status": "affected",
"version": "559d697c5d072593d22b3e0bd8b8081108aeaf59",
"versionType": "git"
},
{
"lessThan": "c1d3a84a67db910ce28a871273c992c3d7f9efb5",
"status": "affected",
"version": "1fc793d68d50dee4782ef2e808913d5dd880bcc6",
"versionType": "git"
},
{
"lessThan": "dcb4d14268595065c85dc5528056713928e17243",
"status": "affected",
"version": "96b2e1090397217839fcd6c9b6d8f5d439e705ed",
"versionType": "git"
},
{
"lessThan": "0da15a70395182ee8cb75716baf00dddc0bea38d",
"status": "affected",
"version": "cd1189956393bf850b2e275e37411855d3bd86bb",
"versionType": "git"
},
{
"lessThan": "13cd1daeea848614e585b2c6ecc11ca9c8ab2500",
"status": "affected",
"version": "f6a7182179c0ed788e3755ee2ed18c888ddcc33f",
"versionType": "git"
},
{
"lessThan": "804bd8650a3a2bf3432375f8c97d5049d845ce56",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"lessThan": "83340c66b498e49353530e41542500fc8a4782d6",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"lessThan": "359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79",
"status": "affected",
"version": "9d4c75800f61e5d75c1659ba201b6c0c7ead3070",
"versionType": "git"
},
{
"status": "affected",
"version": "7626b9fed53092aa2147978070e610ecb61af844",
"versionType": "git"
},
{
"status": "affected",
"version": "fe80658c08e3001c80c5533cd41abfbb0e0e28fd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/l2tp/l2tp_ip6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.19.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.15.135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "6.1.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n ulen = len + skb_queue_empty(\u0026sk-\u003esk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:40.861Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae"
},
{
"url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5"
},
{
"url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243"
},
{
"url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d"
},
{
"url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500"
},
{
"url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56"
},
{
"url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6"
},
{
"url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79"
}
],
"title": "l2tp: pass correct message length to ip6_append_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26752",
"datePublished": "2024-04-03T17:00:37.340Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T12:54:40.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39198 (GCVE-0-2023-39198)
Vulnerability from cvelistv5
Published
2023-11-09 19:15
Modified
2025-07-23 18:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T03:55:52.570322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:53:12.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-39198"
},
{
"name": "RHBZ#2218332",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:37:14.716Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-39198"
},
{
"name": "RHBZ#2218332",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218332"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-28T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-08-17T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-362-\u003eCWE-416: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-39198",
"datePublished": "2023-11-09T19:15:47.605Z",
"dateReserved": "2023-07-25T17:04:34.810Z",
"dateUpdated": "2025-07-23T18:37:14.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52865 (GCVE-0-2023-52865)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac Version: 96596aa06628e86ea0e1c08c34b0ccc7619e43ac |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:32:41.804264Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:00.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c79cbfb8e9e2311be77182893fda5ea4068c836"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2705c5b97f504e831ae1935c05f0e44f80dfa6b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b16286110728674dcf81137be0687c5055e7bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3aefc6fcfbada57fac27f470602d5565e5b76cb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/357df1c2f6ace96defd557fad709ed1f9f70e16c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3f12f16038a558f08fa93cc32fa715746a5235"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/122ac6496e4975ddd7ec1edba4f6fc1e15e39478"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/606f6366a35a3329545e38129804d65ef26ed7d2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6797.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "4c79cbfb8e9e2311be77182893fda5ea4068c836",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "2705c5b97f504e831ae1935c05f0e44f80dfa6b3",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "81b16286110728674dcf81137be0687c5055e7bf",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "3aefc6fcfbada57fac27f470602d5565e5b76cb4",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "357df1c2f6ace96defd557fad709ed1f9f70e16c",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "be3f12f16038a558f08fa93cc32fa715746a5235",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "122ac6496e4975ddd7ec1edba4f6fc1e15e39478",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
},
{
"lessThan": "606f6366a35a3329545e38129804d65ef26ed7d2",
"status": "affected",
"version": "96596aa06628e86ea0e1c08c34b0ccc7619e43ac",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt6797.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:35.104Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c26feedbc561f2a3cee1a4f717e61bdbdfb4fa92"
},
{
"url": "https://git.kernel.org/stable/c/4c79cbfb8e9e2311be77182893fda5ea4068c836"
},
{
"url": "https://git.kernel.org/stable/c/2705c5b97f504e831ae1935c05f0e44f80dfa6b3"
},
{
"url": "https://git.kernel.org/stable/c/81b16286110728674dcf81137be0687c5055e7bf"
},
{
"url": "https://git.kernel.org/stable/c/3aefc6fcfbada57fac27f470602d5565e5b76cb4"
},
{
"url": "https://git.kernel.org/stable/c/357df1c2f6ace96defd557fad709ed1f9f70e16c"
},
{
"url": "https://git.kernel.org/stable/c/be3f12f16038a558f08fa93cc32fa715746a5235"
},
{
"url": "https://git.kernel.org/stable/c/122ac6496e4975ddd7ec1edba4f6fc1e15e39478"
},
{
"url": "https://git.kernel.org/stable/c/606f6366a35a3329545e38129804d65ef26ed7d2"
}
],
"title": "clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52865",
"datePublished": "2024-05-21T15:31:56.527Z",
"dateReserved": "2024-05-21T15:19:24.262Z",
"dateUpdated": "2025-05-04T07:44:35.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0646 (GCVE-0-2024-0646)
Vulnerability from cvelistv5
Published
2024-01-17 15:16
Modified
2025-08-01 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► |
Version: 0 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-10T04:00:15.716357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:19.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "unaffected",
"packageName": "kernel",
"versions": [
{
"lessThan": "6.7-rc5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::nfv",
"cpe:/a:redhat:rhel_tus:8.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.rt13.179.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::realtime",
"cpe:/a:redhat:rhel_tus:8.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.rt7.201.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.125.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.93.1.rt21.165.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.91.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-07T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T15:34:50.430Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0724",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0850"
},
{
"name": "RHSA-2024:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0851"
},
{
"name": "RHSA-2024:0876",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0876"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1250",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"name": "RHSA-2024:1251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1251"
},
{
"name": "RHSA-2024:1253",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1253"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"name": "RHSA-2024:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"name": "RHSA-2024:1367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"name": "RHSA-2024:1368",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1368"
},
{
"name": "RHSA-2024:1377",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1377"
},
{
"name": "RHSA-2024:1382",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0646"
},
{
"name": "RHBZ#2253908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253908"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-17T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-07T06:30:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-787: Out-of-bounds Write"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0646",
"datePublished": "2024-01-17T15:16:45.148Z",
"dateReserved": "2024-01-17T13:11:12.669Z",
"dateUpdated": "2025-08-01T15:34:50.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26685 (GCVE-0-2024-26685)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix potential bug in end_buffer_async_write
According to a syzbot report, end_buffer_async_write(), which handles the
completion of block device writes, may detect abnormal condition of the
buffer async_write flag and cause a BUG_ON failure when using nilfs2.
Nilfs2 itself does not use end_buffer_async_write(). But, the async_write
flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue
with race condition of competition between segments for dirty blocks") as
a means of resolving double list insertion of dirty blocks in
nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the
resulting crash.
This modification is safe as long as it is used for file data and b-tree
node blocks where the page caches are independent. However, it was
irrelevant and redundant to also introduce async_write for segment summary
and super root blocks that share buffers with the backing device. This
led to the possibility that the BUG_ON check in end_buffer_async_write
would fail as described above, if independent writebacks of the backing
device occurred in parallel.
The use of async_write for segment summary buffers has already been
removed in a previous change.
Fix this issue by removing the manipulation of the async_write flag for
the remaining super root block buffer.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: 7f42ec3941560f0902fe3671e36f2c20ffd3af0a Version: ccebcc74c81d8399c7b204aea47c1f33b09c2b17 Version: 831c87640d23ccb253a02e4901bd9a325b5e8c2d Version: d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5 Version: 8f67918af09fc0ffd426a9b6f87697976d3fbc7b |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:35:50.019246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:55:46.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c4a09fdac625e64abe478dcf88bfa20406616928",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "d31c8721e816eff5ca6573cc487754f357c093cd",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "f3e4963566f58726d3265a727116a42b591f6596",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "8fa90634ec3e9cc50f42dd605eec60f2d146ced8",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "6589f0f72f8edd1fa11adce4eedbd3615f2e78ab",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "2c3bdba00283a6c7a5b19481a59a730f46063803",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "626daab3811b772086aef1bf8eed3ffe6f523eff",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"lessThan": "5bc09b397cbf1221f8a8aacb1152650c9195b02b",
"status": "affected",
"version": "7f42ec3941560f0902fe3671e36f2c20ffd3af0a",
"versionType": "git"
},
{
"status": "affected",
"version": "ccebcc74c81d8399c7b204aea47c1f33b09c2b17",
"versionType": "git"
},
{
"status": "affected",
"version": "831c87640d23ccb253a02e4901bd9a325b5e8c2d",
"versionType": "git"
},
{
"status": "affected",
"version": "d8974c7fe717ee8fb0706e35cc92e0bcdf660ec5",
"versionType": "git"
},
{
"status": "affected",
"version": "8f67918af09fc0ffd426a9b6f87697976d3fbc7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/segment.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential bug in end_buffer_async_write\n\nAccording to a syzbot report, end_buffer_async_write(), which handles the\ncompletion of block device writes, may detect abnormal condition of the\nbuffer async_write flag and cause a BUG_ON failure when using nilfs2.\n\nNilfs2 itself does not use end_buffer_async_write(). But, the async_write\nflag is now used as a marker by commit 7f42ec394156 (\"nilfs2: fix issue\nwith race condition of competition between segments for dirty blocks\") as\na means of resolving double list insertion of dirty blocks in\nnilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the\nresulting crash.\n\nThis modification is safe as long as it is used for file data and b-tree\nnode blocks where the page caches are independent. However, it was\nirrelevant and redundant to also introduce async_write for segment summary\nand super root blocks that share buffers with the backing device. This\nled to the possibility that the BUG_ON check in end_buffer_async_write\nwould fail as described above, if independent writebacks of the backing\ndevice occurred in parallel.\n\nThe use of async_write for segment summary buffers has already been\nremoved in a previous change.\n\nFix this issue by removing the manipulation of the async_write flag for\nthe remaining super root block buffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:26.516Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928"
},
{
"url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd"
},
{
"url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596"
},
{
"url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8"
},
{
"url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab"
},
{
"url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803"
},
{
"url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff"
},
{
"url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b"
}
],
"title": "nilfs2: fix potential bug in end_buffer_async_write",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26685",
"datePublished": "2024-04-03T14:54:47.688Z",
"dateReserved": "2024-02-19T14:20:24.153Z",
"dateUpdated": "2025-05-04T12:54:26.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6931 (GCVE-0-2023-6931)
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2025-02-13 17:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.
A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().
We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.7",
"status": "affected",
"version": "4.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Budimir Markovic"
}
],
"datePublic": "2023-11-29T14:43:50.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:49.508Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b"
},
{
"url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in Linux kernel\u0027s Performance Events system component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-6931",
"datePublished": "2023-12-19T14:09:14.085Z",
"dateReserved": "2023-12-18T20:13:06.510Z",
"dateUpdated": "2025-02-13T17:26:59.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26839 (GCVE-0-2024-26839)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix a memleak in init_credit_return
When dma_alloc_coherent fails to allocate dd->cr_base[i].va,
init_credit_return should deallocate dd->cr_base and
dd->cr_base[i] that allocated before. Or those resources
would be never freed and a memleak is triggered.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde Version: 7724105686e718ac476a6ad3304fea2fbcfcffde |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T19:24:08.338788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T19:24:16.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e4f9f20b32658ef3724aa46f7aef4908d2609e3",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "cecfb90cf71d91e9efebd68b9e9b84661b277cc8",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "52de5805c147137205662af89ed7e083d656ae25",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "f0d857ce31a6bc7a82afcdbadb8f7417d482604b",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "b41d0ade0398007fb746213f09903d52a920e896",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "8412c86e89cc78d8b513cb25cf2157a2adf3670a",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
},
{
"lessThan": "809aa64ebff51eb170ee31a95f83b2d21efa32e2",
"status": "affected",
"version": "7724105686e718ac476a6ad3304fea2fbcfcffde",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/pio.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd-\u003ecr_base[i].va,\ninit_credit_return should deallocate dd-\u003ecr_base and\ndd-\u003ecr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:41.410Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3"
},
{
"url": "https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8"
},
{
"url": "https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7"
},
{
"url": "https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25"
},
{
"url": "https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b"
},
{
"url": "https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896"
},
{
"url": "https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a"
},
{
"url": "https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2"
}
],
"title": "IB/hfi1: Fix a memleak in init_credit_return",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26839",
"datePublished": "2024-04-17T10:10:05.536Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:41.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27414 (GCVE-0-2024-27414)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks
IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic
in the function `rtnl_bridge_setlink` to enable the loop to also check
the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment
removed the `break` statement and led to an error logic of the flags
writing back at the end of this function.
if (have_flags)
memcpy(nla_data(attr), &flags, sizeof(flags));
// attr should point to IFLA_BRIDGE_FLAGS NLA !!!
Before the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.
However, this is not necessarily true fow now as the updated loop will let
the attr point to the last NLA, even an invalid NLA which could cause
overflow writes.
This patch introduces a new variable `br_flag` to save the NLA pointer
that points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned
error logic.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: ad46d4861ed36315d3d9e838723ba3e367ecc042 Version: abb0172fa8dc4a4ec51aa992b7269ed65959f310 Version: 047508edd602921ee8bb0f2aa2100aa2e9bedc75 Version: 8dfac8071d58447e5cace4c4c6fe493ce2f615f6 Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f Version: 00757f58e37b2d9a6f99e15be484712390cd2bab |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:56:59.979228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:58.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9fbc44159dfc3e9a7073032752d9e03f5194a6f",
"status": "affected",
"version": "ad46d4861ed36315d3d9e838723ba3e367ecc042",
"versionType": "git"
},
{
"lessThan": "882a51a10ecf24ce135d573afa0872aef02c5125",
"status": "affected",
"version": "abb0172fa8dc4a4ec51aa992b7269ed65959f310",
"versionType": "git"
},
{
"lessThan": "a1227b27fcccc99dc44f912b479e01a17e2d7d31",
"status": "affected",
"version": "047508edd602921ee8bb0f2aa2100aa2e9bedc75",
"versionType": "git"
},
{
"lessThan": "f2261eb994aa5757c1da046b78e3229a3ece0ad9",
"status": "affected",
"version": "8dfac8071d58447e5cace4c4c6fe493ce2f615f6",
"versionType": "git"
},
{
"lessThan": "167d8642daa6a44b51de17f8ff0f584e1e762db7",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "831bc2728fb48a8957a824cba8c264b30dca1425",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"lessThan": "743ad091fb46e622f1b690385bb15e3cd3daf874",
"status": "affected",
"version": "d73ef2d69c0dba5f5a1cb9600045c873bab1fb7f",
"versionType": "git"
},
{
"status": "affected",
"version": "00757f58e37b2d9a6f99e15be484712390cd2bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back\n\nIn the commit d73ef2d69c0d (\"rtnetlink: let rtnl_bridge_setlink checks\nIFLA_BRIDGE_MODE length\"), an adjustment was made to the old loop logic\nin the function `rtnl_bridge_setlink` to enable the loop to also check\nthe length of the IFLA_BRIDGE_MODE attribute. However, this adjustment\nremoved the `break` statement and led to an error logic of the flags\nwriting back at the end of this function.\n\nif (have_flags)\n memcpy(nla_data(attr), \u0026flags, sizeof(flags));\n // attr should point to IFLA_BRIDGE_FLAGS NLA !!!\n\nBefore the mentioned commit, the `attr` is granted to be IFLA_BRIDGE_FLAGS.\nHowever, this is not necessarily true fow now as the updated loop will let\nthe attr point to the last NLA, even an invalid NLA which could cause\noverflow writes.\n\nThis patch introduces a new variable `br_flag` to save the NLA pointer\nthat points to IFLA_BRIDGE_FLAGS and uses it to resolve the mentioned\nerror logic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:42.575Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9fbc44159dfc3e9a7073032752d9e03f5194a6f"
},
{
"url": "https://git.kernel.org/stable/c/882a51a10ecf24ce135d573afa0872aef02c5125"
},
{
"url": "https://git.kernel.org/stable/c/a1227b27fcccc99dc44f912b479e01a17e2d7d31"
},
{
"url": "https://git.kernel.org/stable/c/f2261eb994aa5757c1da046b78e3229a3ece0ad9"
},
{
"url": "https://git.kernel.org/stable/c/167d8642daa6a44b51de17f8ff0f584e1e762db7"
},
{
"url": "https://git.kernel.org/stable/c/831bc2728fb48a8957a824cba8c264b30dca1425"
},
{
"url": "https://git.kernel.org/stable/c/743ad091fb46e622f1b690385bb15e3cd3daf874"
}
],
"title": "rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27414",
"datePublished": "2024-05-17T11:50:57.207Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:42.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52475 (GCVE-0-2023-52475)
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: powermate - fix use-after-free in powermate_config_complete
syzbot has found a use-after-free bug [1] in the powermate driver. This
happens when the device is disconnected, which leads to a memory free from
the powermate_device struct. When an asynchronous control message
completes after the kfree and its callback is invoked, the lock does not
exist anymore and hence the bug.
Use usb_kill_urb() on pm->config to cancel any in-progress requests upon
device disconnection.
[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:27.329972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:52.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/powermate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8677575c4f39d65bf0d719b5d20e8042e550ccb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67cace72606baf1758fd60feb358f4c6be92e1cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5aa514100aaf59868d745196258269a16737c7bd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd2fbfd8b922b7fdd50732e47d797754ab59cb06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a4a396386404e62fb59bc3bde48871a64a82b4f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2efe67c581a2a6122b328d4bb6f21b3f36f40d46",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5c15c60e7be615f05a45cd905093a54b11f461bc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/misc/powermate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: powermate - fix use-after-free in powermate_config_complete\n\nsyzbot has found a use-after-free bug [1] in the powermate driver. This\nhappens when the device is disconnected, which leads to a memory free from\nthe powermate_device struct. When an asynchronous control message\ncompletes after the kfree and its callback is invoked, the lock does not\nexist anymore and hence the bug.\n\nUse usb_kill_urb() on pm-\u003econfig to cancel any in-progress requests upon\ndevice disconnection.\n\n[1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:29.354Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9"
},
{
"url": "https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc"
},
{
"url": "https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd"
},
{
"url": "https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06"
},
{
"url": "https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f"
},
{
"url": "https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46"
},
{
"url": "https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8"
},
{
"url": "https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b11f461bc"
}
],
"title": "Input: powermate - fix use-after-free in powermate_config_complete",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52475",
"datePublished": "2024-02-29T05:43:08.838Z",
"dateReserved": "2024-02-20T12:30:33.298Z",
"dateUpdated": "2025-05-04T07:37:29.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26773 (GCVE-0-2024-26773)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
Determine if the group block bitmap is corrupted before using ac_b_ex in
ext4_mb_try_best_found() to avoid allocating blocks from a group with a
corrupted block bitmap in the following concurrency and making the
situation worse.
ext4_mb_regular_allocator
ext4_lock_group(sb, group)
ext4_mb_good_group
// check if the group bbitmap is corrupted
ext4_mb_complex_scan_group
// Scan group gets ac_b_ex but doesn't use it
ext4_unlock_group(sb, group)
ext4_mark_group_bitmap_corrupted(group)
// The block bitmap was corrupted during
// the group unlock gap.
ext4_mb_try_best_found
ext4_lock_group(ac->ac_sb, group)
ext4_mb_use_best_found
mb_mark_used
// Allocating blocks in block bitmap corrupted group
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:50:26.209110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:10.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21f8cfe79f776287459343e9cfa6055af61328ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "260fc96283c0f594de18a1b045faf6d8fb42874d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "927794a02169778c9c2e7b25c768ab3ea8c1dc03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4c21fa60a6f4606f6214a38f50612b17b2f738f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f97e75fa4e12b0aa0224e83fcbda8853ac2adf36",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0184747b552d6b5a14db3b7fcc3b792ce64dedd1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a2576ae9a35c078e488f2c573e9e6821d651fbbe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4530b3660d396a646aad91a787b6ab37cf604b53",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn\u0027t use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac-\u003eac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:11.135Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea"
},
{
"url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d"
},
{
"url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03"
},
{
"url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5"
},
{
"url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36"
},
{
"url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1"
},
{
"url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe"
},
{
"url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53"
}
],
"title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26773",
"datePublished": "2024-04-03T17:00:59.757Z",
"dateReserved": "2024-02-19T14:20:24.176Z",
"dateUpdated": "2025-05-04T08:56:11.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52654 (GCVE-0-2023-52654)
Vulnerability from cvelistv5
Published
2024-05-09 16:37
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
io_uring/af_unix: disable sending io_uring over sockets
File reference cycles have caused lots of problems for io_uring
in the past, and it still doesn't work exactly right and races with
unix_stream_read_generic(). The safest fix would be to completely
disallow sending io_uring files via sockets via SCM_RIGHT, so there
are no possible cycles invloving registered files and thus rendering
SCM accounting on the io_uring side unnecessary.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 04df9719df1865f6770af9bc7880874af0e594b2 Version: c378c479c5175833bb22ff71974cda47d7b05401 Version: 813d8fe5d30388f73a21d3a2bf46b0a1fd72498c Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 Version: 0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 Version: b4293c01ee0d0ecdd3cb5801e13f62271144667a Version: 75e94c7e8859e58aadc15a98cc9704edff47d4f2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T18:37:06.033789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:29.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"io_uring/rsrc.h",
"net/core/scm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "18824f592aad4124d79751bbc1500ea86ac3ff29",
"status": "affected",
"version": "04df9719df1865f6770af9bc7880874af0e594b2",
"versionType": "git"
},
{
"lessThan": "3fe1ea5f921bf5b71cbfdc4469fb96c05936610e",
"status": "affected",
"version": "c378c479c5175833bb22ff71974cda47d7b05401",
"versionType": "git"
},
{
"lessThan": "bcedd497b3b4a0be56f3adf7c7542720eced0792",
"status": "affected",
"version": "813d8fe5d30388f73a21d3a2bf46b0a1fd72498c",
"versionType": "git"
},
{
"lessThan": "f2f57f51b53be153a522300454ddb3887722fb2c",
"status": "affected",
"version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80",
"versionType": "git"
},
{
"lessThan": "5a33d385eb36991a91e3dddb189d8679e2aac2be",
"status": "affected",
"version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80",
"versionType": "git"
},
{
"lessThan": "705318a99a138c29a512a72c3e0043b3cd7f55f4",
"status": "affected",
"version": "0091bfc81741b8d3aeb3b7ab8636f911b2de6e80",
"versionType": "git"
},
{
"status": "affected",
"version": "b4293c01ee0d0ecdd3cb5801e13f62271144667a",
"versionType": "git"
},
{
"status": "affected",
"version": "75e94c7e8859e58aadc15a98cc9704edff47d4f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"io_uring/rsrc.h",
"net/core/scm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.264",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.264",
"versionStartIncluding": "5.4.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.204",
"versionStartIncluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.143",
"versionStartIncluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.68",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: disable sending io_uring over sockets\n\nFile reference cycles have caused lots of problems for io_uring\nin the past, and it still doesn\u0027t work exactly right and races with\nunix_stream_read_generic(). The safest fix would be to completely\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\nare no possible cycles invloving registered files and thus rendering\nSCM accounting on the io_uring side unnecessary."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:22.099Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18824f592aad4124d79751bbc1500ea86ac3ff29"
},
{
"url": "https://git.kernel.org/stable/c/3fe1ea5f921bf5b71cbfdc4469fb96c05936610e"
},
{
"url": "https://git.kernel.org/stable/c/bcedd497b3b4a0be56f3adf7c7542720eced0792"
},
{
"url": "https://git.kernel.org/stable/c/f2f57f51b53be153a522300454ddb3887722fb2c"
},
{
"url": "https://git.kernel.org/stable/c/5a33d385eb36991a91e3dddb189d8679e2aac2be"
},
{
"url": "https://git.kernel.org/stable/c/705318a99a138c29a512a72c3e0043b3cd7f55f4"
}
],
"title": "io_uring/af_unix: disable sending io_uring over sockets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52654",
"datePublished": "2024-05-09T16:37:04.293Z",
"dateReserved": "2024-03-06T09:52:12.098Z",
"dateUpdated": "2025-05-04T12:49:22.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52791 (GCVE-0-2023-52791)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: core: Run atomic i2c xfer when !preemptible
Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is
disabled. However, non-atomic i2c transfers require preemption (e.g. in
wait_for_completion() while waiting for the DMA).
panic() calls preempt_disable_notrace() before calling
emergency_restart(). Therefore, if an i2c device is used for the
restart, the xfer should be atomic. This avoids warnings like:
[ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0
[ 12.676926] Voluntary context switch within RCU read-side critical section!
...
[ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114
[ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70
...
[ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58
[ 13.001050] machine_restart from panic+0x2a8/0x32c
Use !preemptible() instead, which is basically the same check as
pre-v5.2.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e Version: bae1d3a05a8b99bd748168bbf8155a1d047c562e |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:36:52.732311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:37:13.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25eb381a736e7ae39a4245ef5c96484eb1073809",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "25284c46b657f48c0f3880a2e0706c70d81182c0",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "f6237afabc349c1c7909db00e15d2816519e0d2b",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "185f3617adc8fe45e40489b458f03911f0dec46c",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "8c3fa52a46ff4d208cefb1a462ec94e0043a91e1",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "3473cf43b9068b9dfef2f545f833f33c6a544b91",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
},
{
"lessThan": "aa49c90894d06e18a1ee7c095edbd2f37c232d02",
"status": "affected",
"version": "bae1d3a05a8b99bd748168bbf8155a1d047c562e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/i2c-core.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: core: Run atomic i2c xfer when !preemptible\n\nSince bae1d3a05a8b, i2c transfers are non-atomic if preemption is\ndisabled. However, non-atomic i2c transfers require preemption (e.g. in\nwait_for_completion() while waiting for the DMA).\n\npanic() calls preempt_disable_notrace() before calling\nemergency_restart(). Therefore, if an i2c device is used for the\nrestart, the xfer should be atomic. This avoids warnings like:\n\n[ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0\n[ 12.676926] Voluntary context switch within RCU read-side critical section!\n...\n[ 12.742376] schedule_timeout from wait_for_completion_timeout+0x90/0x114\n[ 12.749179] wait_for_completion_timeout from tegra_i2c_wait_completion+0x40/0x70\n...\n[ 12.994527] atomic_notifier_call_chain from machine_restart+0x34/0x58\n[ 13.001050] machine_restart from panic+0x2a8/0x32c\n\nUse !preemptible() instead, which is basically the same check as\npre-v5.2."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:16.771Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809"
},
{
"url": "https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0"
},
{
"url": "https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b"
},
{
"url": "https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c"
},
{
"url": "https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1"
},
{
"url": "https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91"
},
{
"url": "https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37c232d02"
}
],
"title": "i2c: core: Run atomic i2c xfer when !preemptible",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52791",
"datePublished": "2024-05-21T15:31:06.997Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:16.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5717 (GCVE-0-2023-5717)
Vulnerability from cvelistv5
Published
2023-10-25 12:55
Modified
2025-02-13 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.
If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.
We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6",
"status": "affected",
"version": "4.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Budimir Markovic"
}
],
"datePublic": "2023-10-19T08:09:42.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T19:06:46.196Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds write in Linux kernel\u0027s Linux Kernel Performance Events (perf) component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-5717",
"datePublished": "2023-10-25T12:55:06.871Z",
"dateReserved": "2023-10-23T10:49:09.250Z",
"dateUpdated": "2025-02-13T17:25:43.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27405 (GCVE-0-2024-27405)
Vulnerability from cvelistv5
Published
2024-05-17 11:40
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
It is observed sometimes when tethering is used over NCM with Windows 11
as host, at some instances, the gadget_giveback has one byte appended at
the end of a proper NTB. When the NTB is parsed, unwrap call looks for
any leftover bytes in SKB provided by u_ether and if there are any pending
bytes, it treats them as a separate NTB and parses it. But in case the
second NTB (as per unwrap call) is faulty/corrupt, all the datagrams that
were parsed properly in the first NTB and saved in rx_list are dropped.
Adding a few custom traces showed the following:
[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:
req 000000003868811a length 1025/16384 zsI ==> 0
[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025
[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400
[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10
[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames
In this case, the giveback is of 1025 bytes and block length is 1024.
The rest 1 byte (which is 0x00) won't be parsed resulting in drop of
all datagrams in rx_list.
Same is case with packets of size 2048:
[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:
req 0000000011dfd96e length 2049/16384 zsI ==> 0
[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342
[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800
Lecroy shows one byte coming in extra confirming that the byte is coming
in from PC:
Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590)
- Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)
--- Packet 4063861
Data(1024 bytes)
Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)
--- Packet 4063863
Data(1 byte)
Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)
According to Windows driver, no ZLP is needed if wBlockLength is non-zero,
because the non-zero wBlockLength has already told the function side the
size of transfer to be expected. However, there are in-market NCM devices
that rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.
To deal with such devices, it pads an extra 0 at end so the transfer is no
longer multiple of wMaxPacketSize.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c Version: 9f6ce4240a2bf456402c15c06768059e5973f28c |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "9f6ce4240a2b"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.19.308"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.270"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.211"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.150"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.80"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.19"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:38:04.984999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:38:24.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "059285e04ebb273d32323fbad5431c5b94f77e48",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "a31cf46d108dabce3df80b3e5c07661e24912151",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "57ca0e16f393bb21d69734e536e383a3a4c665fd",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "2cb66b62a5d64ccf09b0591ab86fb085fa491fc5",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "35b604a37ec70d68b19dafd10bbacf1db505c9ca",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "2b7ec68869d50ea998908af43b643bca7e54577e",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "c7f43900bc723203d7554d299a2ce844054fab8e",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
},
{
"lessThan": "76c51146820c5dac629f21deafab0a7039bc3ccd",
"status": "affected",
"version": "9f6ce4240a2bf456402c15c06768059e5973f28c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_ncm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs\n\nIt is observed sometimes when tethering is used over NCM with Windows 11\nas host, at some instances, the gadget_giveback has one byte appended at\nthe end of a proper NTB. When the NTB is parsed, unwrap call looks for\nany leftover bytes in SKB provided by u_ether and if there are any pending\nbytes, it treats them as a separate NTB and parses it. But in case the\nsecond NTB (as per unwrap call) is faulty/corrupt, all the datagrams that\nwere parsed properly in the first NTB and saved in rx_list are dropped.\n\nAdding a few custom traces showed the following:\n[002] d..1 7828.532866: dwc3_gadget_giveback: ep1out:\nreq 000000003868811a length 1025/16384 zsI ==\u003e 0\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb toprocess: 1025\n[002] d..1 7828.532867: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb seq: 0xce67\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x400\n[002] d..1 7828.532868: ncm_unwrap_ntb: K: ncm_unwrap_ntb ndp_len: 0x10\n[002] d..1 7828.532869: ncm_unwrap_ntb: K: Parsed NTB with 1 frames\n\nIn this case, the giveback is of 1025 bytes and block length is 1024.\nThe rest 1 byte (which is 0x00) won\u0027t be parsed resulting in drop of\nall datagrams in rx_list.\n\nSame is case with packets of size 2048:\n[002] d..1 7828.557948: dwc3_gadget_giveback: ep1out:\nreq 0000000011dfd96e length 2049/16384 zsI ==\u003e 0\n[002] d..1 7828.557949: ncm_unwrap_ntb: K: ncm_unwrap_ntb nth: 1751999342\n[002] d..1 7828.557950: ncm_unwrap_ntb: K: ncm_unwrap_ntb blk_len: 0x800\n\nLecroy shows one byte coming in extra confirming that the byte is coming\nin from PC:\n\n Transfer 2959 - Bytes Transferred(1025) Timestamp((18.524 843 590)\n - Transaction 8391 - Data(1025 bytes) Timestamp(18.524 843 590)\n --- Packet 4063861\n Data(1024 bytes)\n Duration(2.117us) Idle(14.700ns) Timestamp(18.524 843 590)\n --- Packet 4063863\n Data(1 byte)\n Duration(66.160ns) Time(282.000ns) Timestamp(18.524 845 722)\n\nAccording to Windows driver, no ZLP is needed if wBlockLength is non-zero,\nbecause the non-zero wBlockLength has already told the function side the\nsize of transfer to be expected. However, there are in-market NCM devices\nthat rely on ZLP as long as the wBlockLength is multiple of wMaxPacketSize.\nTo deal with such devices, it pads an extra 0 at end so the transfer is no\nlonger multiple of wMaxPacketSize."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:24.877Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/059285e04ebb273d32323fbad5431c5b94f77e48"
},
{
"url": "https://git.kernel.org/stable/c/a31cf46d108dabce3df80b3e5c07661e24912151"
},
{
"url": "https://git.kernel.org/stable/c/57ca0e16f393bb21d69734e536e383a3a4c665fd"
},
{
"url": "https://git.kernel.org/stable/c/2cb66b62a5d64ccf09b0591ab86fb085fa491fc5"
},
{
"url": "https://git.kernel.org/stable/c/35b604a37ec70d68b19dafd10bbacf1db505c9ca"
},
{
"url": "https://git.kernel.org/stable/c/2b7ec68869d50ea998908af43b643bca7e54577e"
},
{
"url": "https://git.kernel.org/stable/c/c7f43900bc723203d7554d299a2ce844054fab8e"
},
{
"url": "https://git.kernel.org/stable/c/76c51146820c5dac629f21deafab0a7039bc3ccd"
}
],
"title": "usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27405",
"datePublished": "2024-05-17T11:40:25.069Z",
"dateReserved": "2024-02-25T13:47:42.681Z",
"dateUpdated": "2025-05-04T09:04:24.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52340 (GCVE-0-2023-52340)
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2025-03-20 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:36:20.176084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:48:52.741Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:37.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T02:01:14.688Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=af6d10345ca76670c1b7c37799f0d5576ccef277"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52340",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-01-12T00:00:00.000Z",
"dateUpdated": "2025-03-20T13:48:52.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3567 (GCVE-0-2023-3567)
Vulnerability from cvelistv5
Published
2023-07-24 15:19
Modified
2025-07-23 18:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:56.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0439"
},
{
"name": "RHSA-2024:0448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0448"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3567"
},
{
"name": "RHBZ#2221463",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.spinics.net/lists/stable-commits/msg285184.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.43.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/o:redhat:rhel_eus:9.0::baseos",
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::nfv",
"cpe:/a:redhat:rhel_eus:9.0::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.rt21.156.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.48.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::realtime",
"cpe:/a:redhat:rhel_eus:9.2::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.48.1.rt14.333.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:31:01.540Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0439"
},
{
"name": "RHSA-2024:0448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0448"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-3567"
},
{
"name": "RHBZ#2221463",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221463"
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg285184.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-13T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-01-14T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-3567",
"datePublished": "2023-07-24T15:19:19.795Z",
"dateReserved": "2023-07-09T09:05:56.937Z",
"dateUpdated": "2025-07-23T18:31:01.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52845 (GCVE-0-2023-52845)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
syzbot reported the following uninit-value access issue [1]:
=====================================================
BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]
BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756
strlen lib/string.c:418 [inline]
strstr+0xb8/0x2f0 lib/string.c:756
tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595
genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]
genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066
netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545
genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
sock_sendmsg net/socket.c:753 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
__sys_sendmsg net/socket.c:2624 [inline]
__do_sys_sendmsg net/socket.c:2633 [inline]
__se_sys_sendmsg net/socket.c:2631 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Uninit was created at:
slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767
slab_alloc_node mm/slub.c:3478 [inline]
kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559
__alloc_skb+0x318/0x740 net/core/skbuff.c:650
alloc_skb include/linux/skbuff.h:1286 [inline]
netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]
netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885
sock_sendmsg_nosec net/socket.c:730 [inline]
sock_sendmsg net/socket.c:753 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595
__sys_sendmsg net/socket.c:2624 [inline]
__do_sys_sendmsg net/socket.c:2633 [inline]
__se_sys_sendmsg net/socket.c:2631 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2631
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
TIPC bearer-related names including link names must be null-terminated
strings. If a link name which is not null-terminated is passed through
netlink, strstr() and similar functions can cause buffer overrun. This
causes the above issue.
This patch changes the nla_policy for bearer-related names from NLA_STRING
to NLA_NUL_STRING. This resolves the issue by ensuring that only
null-terminated strings are accepted as bearer-related names.
syzbot reported similar uninit-value issue related to bearer names [2]. The
root cause of this issue is that a non-null-terminated bearer name was
passed. This patch also resolved this issue.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf Version: 0655f6a8635b1b66f2434d5556b1044c14b1ccaf |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:31.255258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6744008c354bca2e4686a5b6056ee6b535d9f67d",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "2426425d686b43adbc4f2f4a367b494f06f159d6",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "2199260c42e6fbc5af8adae3bf78e623407c91b0",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "b33d130f07f1decd756b849ab03c23d11d4dd294",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "3907b89cd17fcc23e9a80789c36856f00ece0ba8",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "abc1582119e8c4af14cedb0db6541fd603f45a04",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "560992f41c0cea44b7603bc9e6c73bffbf6b5709",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
},
{
"lessThan": "19b3f72a41a8751e26bffc093bb7e1cef29ad579",
"status": "affected",
"version": "0655f6a8635b1b66f2434d5556b1044c14b1ccaf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.19"
},
{
"lessThan": "3.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "3.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Change nla_policy for bearer-related names to NLA_NUL_STRING\n\nsyzbot reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline]\nBUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756\n strlen lib/string.c:418 [inline]\n strstr+0xb8/0x2f0 lib/string.c:756\n tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595\n genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline]\n genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline]\n genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066\n netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545\n genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075\n netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]\n netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:650\n alloc_skb include/linux/skbuff.h:1286 [inline]\n netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline]\n netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595\n __sys_sendmsg net/socket.c:2624 [inline]\n __do_sys_sendmsg net/socket.c:2633 [inline]\n __se_sys_sendmsg net/socket.c:2631 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nTIPC bearer-related names including link names must be null-terminated\nstrings. If a link name which is not null-terminated is passed through\nnetlink, strstr() and similar functions can cause buffer overrun. This\ncauses the above issue.\n\nThis patch changes the nla_policy for bearer-related names from NLA_STRING\nto NLA_NUL_STRING. This resolves the issue by ensuring that only\nnull-terminated strings are accepted as bearer-related names.\n\nsyzbot reported similar uninit-value issue related to bearer names [2]. The\nroot cause of this issue is that a non-null-terminated bearer name was\npassed. This patch also resolved this issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:11.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6744008c354bca2e4686a5b6056ee6b535d9f67d"
},
{
"url": "https://git.kernel.org/stable/c/2426425d686b43adbc4f2f4a367b494f06f159d6"
},
{
"url": "https://git.kernel.org/stable/c/2199260c42e6fbc5af8adae3bf78e623407c91b0"
},
{
"url": "https://git.kernel.org/stable/c/b33d130f07f1decd756b849ab03c23d11d4dd294"
},
{
"url": "https://git.kernel.org/stable/c/3907b89cd17fcc23e9a80789c36856f00ece0ba8"
},
{
"url": "https://git.kernel.org/stable/c/4c731e98fe4d678e87ba3e4d45d3cf0a5a193dc4"
},
{
"url": "https://git.kernel.org/stable/c/abc1582119e8c4af14cedb0db6541fd603f45a04"
},
{
"url": "https://git.kernel.org/stable/c/560992f41c0cea44b7603bc9e6c73bffbf6b5709"
},
{
"url": "https://git.kernel.org/stable/c/19b3f72a41a8751e26bffc093bb7e1cef29ad579"
}
],
"title": "tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52845",
"datePublished": "2024-05-21T15:31:43.181Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:11.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52868 (GCVE-0-2023-52868)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
thermal: core: prevent potential string overflow
The dev->id value comes from ida_alloc() so it's a number between zero
and INT_MAX. If it's too high then these sprintf()s will overflow.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd Version: 203d3d4aa482339b4816f131f713e1b8ee37f6dd |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T19:32:21.368633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:15.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b55f0a9f865be75ca1019aad331f3225f7b50ce8",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "6ad1bf47fbe5750c4d5d8e41337665e193e2c521",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3091ab943dfc7b2578599b0fe203350286fab5bb",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3f795fb35c2d8a637efe76b4518216c9319b998c",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "77ff34a56b695e228e6daf30ee30be747973d6e8",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "0f6b3be28c4d62ef6498133959c72266629bea97",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "edbd6bbe40ac524a8f2273ffacc53edf14f3c686",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
},
{
"lessThan": "c99626092efca3061b387043d4a7399bf75fbdd5",
"status": "affected",
"version": "203d3d4aa482339b4816f131f713e1b8ee37f6dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: core: prevent potential string overflow\n\nThe dev-\u003eid value comes from ida_alloc() so it\u0027s a number between zero\nand INT_MAX. If it\u0027s too high then these sprintf()s will overflow."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:38.572Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b55f0a9f865be75ca1019aad331f3225f7b50ce8"
},
{
"url": "https://git.kernel.org/stable/c/6ad1bf47fbe5750c4d5d8e41337665e193e2c521"
},
{
"url": "https://git.kernel.org/stable/c/3091ab943dfc7b2578599b0fe203350286fab5bb"
},
{
"url": "https://git.kernel.org/stable/c/3f795fb35c2d8a637efe76b4518216c9319b998c"
},
{
"url": "https://git.kernel.org/stable/c/3a8f4e58e1ee707b4f46a1000b40b86ea3dd509c"
},
{
"url": "https://git.kernel.org/stable/c/77ff34a56b695e228e6daf30ee30be747973d6e8"
},
{
"url": "https://git.kernel.org/stable/c/0f6b3be28c4d62ef6498133959c72266629bea97"
},
{
"url": "https://git.kernel.org/stable/c/edbd6bbe40ac524a8f2273ffacc53edf14f3c686"
},
{
"url": "https://git.kernel.org/stable/c/c99626092efca3061b387043d4a7399bf75fbdd5"
}
],
"title": "thermal: core: prevent potential string overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52868",
"datePublished": "2024-05-21T15:31:58.530Z",
"dateReserved": "2024-05-21T15:19:24.263Z",
"dateUpdated": "2025-05-04T07:44:38.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35833 (GCVE-0-2024-35833)
Vulnerability from cvelistv5
Published
2024-05-17 13:48
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
This dma_alloc_coherent() is undone neither in the remove function, nor in
the error handling path of fsl_qdma_probe().
Switch to the managed version to fix both issues.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35833",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:42:15.309549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:28:55.561Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "ae6769ba51417c1c86fb645812d5bff455eee802",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "15eb996d7d13cb72a16389231945ada8f0fef2c3",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "198270de9d8eb3b5d5f030825ea303ef95285d24",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "3aa58cb51318e329d203857f7a191678e60bb714",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA\n\nThis dma_alloc_coherent() is undone neither in the remove function, nor in\nthe error handling path of fsl_qdma_probe().\n\nSwitch to the managed version to fix both issues."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:25.326Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c75fe450b5200c78f4a102a0eb8e15d8f1ccda8"
},
{
"url": "https://git.kernel.org/stable/c/ae6769ba51417c1c86fb645812d5bff455eee802"
},
{
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3"
},
{
"url": "https://git.kernel.org/stable/c/25ab4d72eb7cbfa0f3d97a139a9b2bfcaa72dd59"
},
{
"url": "https://git.kernel.org/stable/c/5cd8a51517ce15edbdcea4fc74c4c127ddaa1bd6"
},
{
"url": "https://git.kernel.org/stable/c/198270de9d8eb3b5d5f030825ea303ef95285d24"
},
{
"url": "https://git.kernel.org/stable/c/3aa58cb51318e329d203857f7a191678e60bb714"
}
],
"title": "dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35833",
"datePublished": "2024-05-17T13:48:24.319Z",
"dateReserved": "2024-05-17T12:19:12.349Z",
"dateUpdated": "2025-05-04T09:06:25.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26636 (GCVE-0-2024-26636)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: make llc_ui_sendmsg() more robust against bonding changes
syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no
headroom, but subsequently trying to push 14 bytes of Ethernet header [1]
Like some others, llc_ui_sendmsg() releases the socket lock before
calling sock_alloc_send_skb().
Then it acquires it again, but does not redo all the sanity checks
that were performed.
This fix:
- Uses LL_RESERVED_SPACE() to reserve space.
- Check all conditions again after socket lock is held again.
- Do not account Ethernet header for mtu limitation.
[1]
skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0
kernel BUG at net/core/skbuff.c:193 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:189 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
lr : skb_panic net/core/skbuff.c:189 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
sp : ffff800096f97000
x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000
x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2
x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0
x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce
x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001
x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400
x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089
Call trace:
skb_panic net/core/skbuff.c:189 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:203
skb_push+0xf0/0x108 net/core/skbuff.c:2451
eth_header+0x44/0x1f8 net/ethernet/eth.c:83
dev_hard_header include/linux/netdevice.h:3188 [inline]
llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33
llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85
llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]
llc_sap_next_state net/llc/llc_sap.c:182 [inline]
llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209
llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270
llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
sock_sendmsg+0x194/0x274 net/socket.c:767
splice_to_socket+0x7cc/0xd58 fs/splice.c:881
do_splice_from fs/splice.c:933 [inline]
direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142
splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088
do_splice_direct+0x20c/0x348 fs/splice.c:1194
do_sendfile+0x4bc/0xc70 fs/read_write.c:1254
__do_sys_sendfile64 fs/read_write.c:1322 [inline]
__se_sys_sendfile64 fs/read_write.c:1308 [inline]
__arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T15:30:36.675601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:11.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04f2a74b562f3a7498be0399309669f342793d8c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c22044270da68881074fda81a7d34812726cb249",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d53b813ff8b177f86f149c2f744442681f720e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cafd3ad3fe03ef4d6632747be9ee15dc0029db4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c451c008f563d56d5e676c9dcafae565fcad84bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dad555c816a50c6a6a8a86be1f9177673918c647",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:48.420Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b"
},
{
"url": "https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d"
},
{
"url": "https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c"
},
{
"url": "https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249"
},
{
"url": "https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4"
},
{
"url": "https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b"
},
{
"url": "https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb"
},
{
"url": "https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647"
}
],
"title": "llc: make llc_ui_sendmsg() more robust against bonding changes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26636",
"datePublished": "2024-03-18T10:14:47.795Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:48.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52597 (GCVE-0-2023-52597)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: fix setting of fpc register
kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control
(fpc) register of a guest cpu. The new value is tested for validity by
temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the host process:
if an interrupt happens while the value is temporarily loaded into the fpc
register, and within interrupt context floating point or vector registers
are used, the current fp/vx registers are saved with save_fpu_regs()
assuming they belong to user space and will be loaded into fp/vx registers
when returning to user space.
test_fp_ctl() restores the original user space / host process fpc register
value, however it will be discarded, when returning to user space.
In result the host process will incorrectly continue to run with the value
that was supposed to be used for a guest cpu.
Fix this by simply removing the test. There is another test right before
the SIE context is entered which will handles invalid values.
This results in a change of behaviour: invalid values will now be accepted
instead of that the ioctl fails with -EINVAL. This seems to be acceptable,
given that this interface is most likely not used anymore, and this is in
addition the same behaviour implemented with the memory mapped interface
(replace invalid values with zero) - see sync_regs() in kvm-s390.c.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 Version: 4725c86055f5bbdcdfe47199c0715881893a2c79 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:20.673242Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T17:29:59.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3a04410b0bc7e056e0843ac598825dd359246d18",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "150a3a3871490e8c454ffbac2e60abeafcecff99",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "732a3bea7aba5b15026ea42d14953c3425cc7dc2",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "0671f42a9c1084db10d68ac347d08dbf6689ecb3",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "c87d7d910775a025e230fd6359b60627e392460f",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
},
{
"lessThan": "b988b1bb0053c0dcd26187d29ef07566a565cf55",
"status": "affected",
"version": "4725c86055f5bbdcdfe47199c0715881893a2c79",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/kvm/kvm-s390.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix setting of fpc register\n\nkvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control\n(fpc) register of a guest cpu. The new value is tested for validity by\ntemporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the host process:\nif an interrupt happens while the value is temporarily loaded into the fpc\nregister, and within interrupt context floating point or vector registers\nare used, the current fp/vx registers are saved with save_fpu_regs()\nassuming they belong to user space and will be loaded into fp/vx registers\nwhen returning to user space.\n\ntest_fp_ctl() restores the original user space / host process fpc register\nvalue, however it will be discarded, when returning to user space.\n\nIn result the host process will incorrectly continue to run with the value\nthat was supposed to be used for a guest cpu.\n\nFix this by simply removing the test. There is another test right before\nthe SIE context is entered which will handles invalid values.\n\nThis results in a change of behaviour: invalid values will now be accepted\ninstead of that the ioctl fails with -EINVAL. This seems to be acceptable,\ngiven that this interface is most likely not used anymore, and this is in\naddition the same behaviour implemented with the memory mapped interface\n(replace invalid values with zero) - see sync_regs() in kvm-s390.c."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:47.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18"
},
{
"url": "https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1"
},
{
"url": "https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99"
},
{
"url": "https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2"
},
{
"url": "https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3"
},
{
"url": "https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f"
},
{
"url": "https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7"
},
{
"url": "https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55"
}
],
"title": "KVM: s390: fix setting of fpc register",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52597",
"datePublished": "2024-03-06T06:45:26.608Z",
"dateReserved": "2024-03-02T21:55:42.572Z",
"dateUpdated": "2025-05-21T08:49:47.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52604 (GCVE-0-2023-52604)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
Syzkaller reported the following issue:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6
index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]')
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
================================================================================
Kernel panic - not syncing: UBSAN: panic_on_warn set ...
CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
panic+0x30f/0x770 kernel/panic.c:340
check_panic_on_warn+0x82/0xa0 kernel/panic.c:236
ubsan_epilogue lib/ubsan.c:223 [inline]
__ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348
dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867
dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834
dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331
dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]
dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402
txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534
txUpdateMap+0x342/0x9e0
txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]
jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732
kthread+0x2d3/0x370 kernel/kthread.c:388
ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
The issue is caused when the value of lp becomes greater than
CTLTREESIZE which is the max size of stree. Adding a simple check
solves this issue.
Dave:
As the function returns a void, good error handling
would require a more intrusive code reorganization, so I modified
Osama's patch at use WARN_ON_ONCE for lack of a cleaner option.
The patch is tested via syzbot.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T19:11:36.244140Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3e95c6850661c77e6dab079d9b5374a618ebb15",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "98f9537fe61b8382b3cc5dd97347531698517c56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6fe8b702125aeee6ce83f20092a2341446704e7b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "42f433785f108893de0dd5260bafb85d7d51db03",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "59342822276f753e49d27ef5eebffbba990572b9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6\nindex 196694 is out of range for type \u0027s8[1365]\u0027 (aka \u0027signed char[1365]\u0027)\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\n================================================================================\nKernel panic - not syncing: UBSAN: panic_on_warn set ...\nCPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n panic+0x30f/0x770 kernel/panic.c:340\n check_panic_on_warn+0x82/0xa0 kernel/panic.c:236\n ubsan_epilogue lib/ubsan.c:223 [inline]\n __ubsan_handle_out_of_bounds+0x13c/0x150 lib/ubsan.c:348\n dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867\n dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834\n dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331\n dbFreeDmap fs/jfs/jfs_dmap.c:2080 [inline]\n dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402\n txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534\n txUpdateMap+0x342/0x9e0\n txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline]\n jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732\n kthread+0x2d3/0x370 kernel/kthread.c:388\n ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n \u003c/TASK\u003e\nKernel Offset: disabled\nRebooting in 86400 seconds..\n\nThe issue is caused when the value of lp becomes greater than\nCTLTREESIZE which is the max size of stree. Adding a simple check\nsolves this issue.\n\nDave:\nAs the function returns a void, good error handling\nwould require a more intrusive code reorganization, so I modified\nOsama\u0027s patch at use WARN_ON_ONCE for lack of a cleaner option.\n\nThe patch is tested via syzbot."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:43.418Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b"
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b"
},
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03"
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68"
}
],
"title": "FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52604",
"datePublished": "2024-03-06T06:45:30.246Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:43.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52840 (GCVE-0-2023-52840)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()
The put_device() calls rmi_release_function() which frees "fn" so the
dereference on the next line "fn->num_of_irqs" is a use after free.
Move the put_device() to the end to fix this.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 Version: 24d28e4f1271cb2f91613dada8f2acccd00eff56 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T18:01:30.625524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:01:37.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/input/rmi4/rmi_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f236d8638f5b43e0c72919a6a27fe286c32053f",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "50d12253666195a14c6cd2b81c376e2dbeedbdff",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "6c71e065befb2fae8f1461559b940c04e1071bd5",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "303766bb92c5c225cf40f9bbbe7e29749406e2f2",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "cc56c4d17721dcb10ad4e9c9266e449be1462683",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "c8e639f5743cf4b01f8c65e0df075fe4d782b585",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
},
{
"lessThan": "eb988e46da2e4eae89f5337e047ce372fe33d5b1",
"status": "affected",
"version": "24d28e4f1271cb2f91613dada8f2acccd00eff56",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/input/rmi4/rmi_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.18"
},
{
"lessThan": "4.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: synaptics-rmi4 - fix use after free in rmi_unregister_function()\n\nThe put_device() calls rmi_release_function() which frees \"fn\" so the\ndereference on the next line \"fn-\u003enum_of_irqs\" is a use after free.\nMove the put_device() to the end to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:06.206Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f236d8638f5b43e0c72919a6a27fe286c32053f"
},
{
"url": "https://git.kernel.org/stable/c/50d12253666195a14c6cd2b81c376e2dbeedbdff"
},
{
"url": "https://git.kernel.org/stable/c/6c71e065befb2fae8f1461559b940c04e1071bd5"
},
{
"url": "https://git.kernel.org/stable/c/303766bb92c5c225cf40f9bbbe7e29749406e2f2"
},
{
"url": "https://git.kernel.org/stable/c/7082b1fb5321037bc11ba1cf2d7ed23c6b2b521f"
},
{
"url": "https://git.kernel.org/stable/c/cc56c4d17721dcb10ad4e9c9266e449be1462683"
},
{
"url": "https://git.kernel.org/stable/c/c8e639f5743cf4b01f8c65e0df075fe4d782b585"
},
{
"url": "https://git.kernel.org/stable/c/eb988e46da2e4eae89f5337e047ce372fe33d5b1"
}
],
"title": "Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52840",
"datePublished": "2024-05-21T15:31:39.862Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T07:44:06.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27413 (GCVE-0-2024-27413)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
efi/capsule-loader: fix incorrect allocation size
gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures
is not enough for a 64-bit phys_addr_t:
drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open':
drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size]
295 | cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL);
| ^
Use the correct type instead here.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: f24c4d478013d82bd1b943df566fff3561d52864 Version: 95a362c9a6892085f714eb6e31eea6a0e3aa93bf |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:33.014498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:44.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "00cf21ac526011a29fc708f8912da446fac19f7b",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "950d4d74d311a18baed6878dbfba8180d7e5dddd",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "537e3f49dbe88881a6f0752beaa596942d9efd64",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "4b73473c050a612fb4317831371073eda07c3050",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "ddc547dd05a46720866c32022300f7376c40119f",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "11aabd7487857b8e7d768fefb092f66dfde68492",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "62a5dcd9bd3097e9813de62fa6f22815e84a0172",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"lessThan": "fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e",
"status": "affected",
"version": "f24c4d478013d82bd1b943df566fff3561d52864",
"versionType": "git"
},
{
"status": "affected",
"version": "95a362c9a6892085f714eb6e31eea6a0e3aa93bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/capsule-loader.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/capsule-loader: fix incorrect allocation size\n\ngcc-14 notices that the allocation with sizeof(void) on 32-bit architectures\nis not enough for a 64-bit phys_addr_t:\n\ndrivers/firmware/efi/capsule-loader.c: In function \u0027efi_capsule_open\u0027:\ndrivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size \u00274\u0027 for type \u0027phys_addr_t\u0027 {aka \u0027long long unsigned int\u0027} with size \u00278\u0027 [-Werror=alloc-size]\n 295 | cap_info-\u003ephys = kzalloc(sizeof(void *), GFP_KERNEL);\n | ^\n\nUse the correct type instead here."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:41.446Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b"
},
{
"url": "https://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd"
},
{
"url": "https://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64"
},
{
"url": "https://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050"
},
{
"url": "https://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f"
},
{
"url": "https://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492"
},
{
"url": "https://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172"
},
{
"url": "https://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e"
}
],
"title": "efi/capsule-loader: fix incorrect allocation size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27413",
"datePublished": "2024-05-17T11:50:53.780Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:41.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26720 (GCVE-0-2024-26720)
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-12-19T11:15:27.766Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26720",
"datePublished": "2024-04-03T14:55:20.286Z",
"dateRejected": "2024-12-19T11:15:27.766Z",
"dateReserved": "2024-02-19T14:20:24.161Z",
"dateUpdated": "2024-12-19T11:15:27.766Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1086 (GCVE-0-2024-1086)
Vulnerability from cvelistv5
Published
2024-01-31 12:14
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.
We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:3.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1086",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T14:20:47.271139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-1086"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:08.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2024-05-30T00:00:00+00:00",
"value": "CVE-2024-1086 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"tags": [
"x_transferred"
],
"url": "https://pwning.tech/nftables/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Notselwyn"
}
],
"datePublic": "2024-01-24T19:02:39.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\n\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:10:45.558Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/"
},
{
"url": "https://github.com/Notselwyn/CVE-2024-1086"
},
{
"url": "https://news.ycombinator.com/item?id=39828424"
},
{
"url": "https://pwning.tech/nftables/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/15/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/23"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/10/22"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/14/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/17/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240614-0009/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s netfilter: nf_tables component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-1086",
"datePublished": "2024-01-31T12:14:34.073Z",
"dateReserved": "2024-01-30T20:04:09.704Z",
"dateUpdated": "2025-07-30T01:37:08.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52881 (GCVE-0-2023-52881)
Vulnerability from cvelistv5
Published
2024-05-29 10:15
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tcp: do not accept ACK of bytes we never sent
This patch is based on a detailed report and ideas from Yepeng Pan
and Christian Rossow.
ACK seq validation is currently following RFC 5961 5.2 guidelines:
The ACK value is considered acceptable only if
it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=
SND.NXT). All incoming segments whose ACK value doesn't satisfy the
above condition MUST be discarded and an ACK sent back. It needs to
be noted that RFC 793 on page 72 (fifth check) says: "If the ACK is a
duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK
acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an
ACK, drop the segment, and return". The "ignored" above implies that
the processing of the incoming data segment continues, which means
the ACK value is treated as acceptable. This mitigation makes the
ACK check more stringent since any ACK < SND.UNA wouldn't be
accepted, instead only ACKs that are in the range ((SND.UNA -
MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.
This can be refined for new (and possibly spoofed) flows,
by not accepting ACK for bytes that were never sent.
This greatly improves TCP security at a little cost.
I added a Fixes: tag to make sure this patch will reach stable trees,
even if the 'blamed' patch was adhering to the RFC.
tp->bytes_acked was added in linux-4.2
Following packetdrill test (courtesy of Yepeng Pan) shows
the issue at hand:
0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1024) = 0
// ---------------- Handshake ------------------- //
// when window scale is set to 14 the window size can be extended to
// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet
// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)
// ,though this ack number acknowledges some data never
// sent by the server.
+0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14>
+0 > S. 0:0(0) ack 1 <...>
+0 < . 1:1(0) ack 1 win 65535
+0 accept(3, ..., ...) = 4
// For the established connection, we send an ACK packet,
// the ack packet uses ack number 1 - 1073725300 + 2^32,
// where 2^32 is used to wrap around.
// Note: we used 1073725300 instead of 1073725440 to avoid possible
// edge cases.
// 1 - 1073725300 + 2^32 = 3221241997
// Oops, old kernels happily accept this packet.
+0 < . 1:1001(1000) ack 3221241997 win 65535
// After the kernel fix the following will be replaced by a challenge ACK,
// and prior malicious frame would be dropped.
+0 > . 1:1(0) ack 1001
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 354e4aa391ed50a4d827ff6fc11e0667d0859b25 Version: 8d15569e14cfcf9151e9e3b4c0cb98369943a2bb Version: e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1 Version: 2ee4432e82437a7c051c254b065fbf5d4581e1a3 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:46:40.495686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:11:03.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69eae75ca5255e876628ac5cee9eaab31f644b57",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "458f07ffeccd17f99942311e09ef574ddf4a414a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "7ffff0cc929fdfc62a74b384c4903d6496c910f0",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "008b807fe487e0b15a3a6c39add4eb477f73e440",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"lessThan": "3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
"status": "affected",
"version": "354e4aa391ed50a4d827ff6fc11e0667d0859b25",
"versionType": "git"
},
{
"status": "affected",
"version": "8d15569e14cfcf9151e9e3b4c0cb98369943a2bb",
"versionType": "git"
},
{
"status": "affected",
"version": "e252bbd8c87b95e9cecdc01350fbb0b46a0f9bf1",
"versionType": "git"
},
{
"status": "affected",
"version": "2ee4432e82437a7c051c254b065fbf5d4581e1a3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.333",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.302",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.264",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.204",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.143",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.333",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.302",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.264",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.204",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.143",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.68",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:46.197Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "tcp: do not accept ACK of bytes we never sent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52881",
"datePublished": "2024-05-29T10:15:14.186Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2025-05-04T12:49:46.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26825 (GCVE-0-2024-26825)
Vulnerability from cvelistv5
Published
2024-04-17 09:43
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
rx_data_reassembly skb is stored during NCI data exchange for processing
fragmented packets. It is dropped only when the last fragment is processed
or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.
However, the NCI device may be deallocated before that which leads to skb
leak.
As by design the rx_data_reassembly skb is bound to the NCI device and
nothing prevents the device to be freed before the skb is processed in
some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:41:44.795216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:48:52.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7e9a8498658b398bf11b8e388005fa54e40aed81",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "2f6d16f0520d6505241629ee2f5c131b547d5f9d",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "471c9ede8061357b43a116fa692e70d91941ac23",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "5c0c5ffaed73cbae6c317374dc32ba6cacc60895",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "16d3f507b0fa70453dc54550df093d6e9ac630c1",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a3d90fb5c23f29ba59c04005ae76c5228cef2be9",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:22.904Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7e9a8498658b398bf11b8e388005fa54e40aed81"
},
{
"url": "https://git.kernel.org/stable/c/71349abe3aba7fedcab5b3fcd7aa82371fb5ccbf"
},
{
"url": "https://git.kernel.org/stable/c/2f6d16f0520d6505241629ee2f5c131b547d5f9d"
},
{
"url": "https://git.kernel.org/stable/c/471c9ede8061357b43a116fa692e70d91941ac23"
},
{
"url": "https://git.kernel.org/stable/c/5c0c5ffaed73cbae6c317374dc32ba6cacc60895"
},
{
"url": "https://git.kernel.org/stable/c/16d3f507b0fa70453dc54550df093d6e9ac630c1"
},
{
"url": "https://git.kernel.org/stable/c/a3d90fb5c23f29ba59c04005ae76c5228cef2be9"
},
{
"url": "https://git.kernel.org/stable/c/bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c"
}
],
"title": "nfc: nci: free rx_data_reassembly skb on NCI device cleanup",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26825",
"datePublished": "2024-04-17T09:43:51.114Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:22.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26697 (GCVE-0-2024-26697)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix data corruption in dsync block recovery for small block sizes
The helper function nilfs_recovery_copy_block() of
nilfs_recovery_dsync_blocks(), which recovers data from logs created by
data sync writes during a mount after an unclean shutdown, incorrectly
calculates the on-page offset when copying repair data to the file's page
cache. In environments where the block size is smaller than the page
size, this flaw can cause data corruption and leak uninitialized memory
bytes during the recovery process.
Fix these issues by correcting this byte offset calculation on the page.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:50.686290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:29.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/recovery.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5278c3eb6bf5896417572b52adb6be9d26e92f65",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "364a66be2abdcd4fd426ffa44d9b8f40aafb3caa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "120f7fa2008e3bd8b7680b4ab5df942decf60fd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9c9c68d64fd3284f7097ed6ae057c8441f39fcd3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2000016bab499074e6248ea85aeea7dd762355d9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "67b8bcbaed4777871bb0dcc888fb02a614a98ab1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/recovery.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix data corruption in dsync block recovery for small block sizes\n\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file\u0027s page\ncache. In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\n\nFix these issues by correcting this byte offset calculation on the page."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:18.520Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65"
},
{
"url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba"
},
{
"url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa"
},
{
"url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5"
},
{
"url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3"
},
{
"url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d"
},
{
"url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9"
},
{
"url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1"
}
],
"title": "nilfs2: fix data corruption in dsync block recovery for small block sizes",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26697",
"datePublished": "2024-04-03T14:54:57.848Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T08:54:18.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26751 (GCVE-0-2024-26751)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: ep93xx: Add terminator to gpiod_lookup_table
Without the terminator, if a con_id is passed to gpio_find() that
does not exist in the lookup table the function will not stop looping
correctly, and eventually cause an oops.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 Version: b2e63555592f81331c8da3afaa607d8cf83e8138 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:36:01.250592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:52.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9e200a06ae2abb321939693008290af32b33dd6e",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "999a8bb70da2946336327b4480824d1691cae1fa",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "70d92abbe29692a3de8697ae082c60f2d21ab482",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "eec6cbbfa1e8d685cc245cfd5626d0715a127a48",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "786f089086b505372fb3f4f008d57e7845fff0d8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "97ba7c1f9c0a2401e644760d857b2386aa895997",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "6abe0895b63c20de06685c8544b908c7e413efa8",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
},
{
"lessThan": "fdf87a0dc26d0550c60edc911cda42f9afec3557",
"status": "affected",
"version": "b2e63555592f81331c8da3afaa607d8cf83e8138",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/mach-ep93xx/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:40.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e"
},
{
"url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa"
},
{
"url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482"
},
{
"url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48"
},
{
"url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8"
},
{
"url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997"
},
{
"url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8"
},
{
"url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557"
}
],
"title": "ARM: ep93xx: Add terminator to gpiod_lookup_table",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26751",
"datePublished": "2024-04-03T17:00:36.523Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:40.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46343 (GCVE-0-2023-46343)
Vulnerability from cvelistv5
Published
2024-01-23 00:00
Modified
2025-06-17 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:41.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/netdev/20231013184129.18738-1-krzysztof.kozlowski%40linaro.org/T/#r38bdbaf8ae15305b77f6c5bc8e15d38f405623c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7937609cd387246aed994e81aa4fa951358fba41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7937609cd387246aed994e81aa4fa951358fba41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-46343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:55:02.811515Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:55:44.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T09:54:49.419Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://lore.kernel.org/netdev/20231013184129.18738-1-krzysztof.kozlowski%40linaro.org/T/#r38bdbaf8ae15305b77f6c5bc8e15d38f405623c7"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9"
},
{
"url": "https://github.com/torvalds/linux/commit/7937609cd387246aed994e81aa4fa951358fba41"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7937609cd387246aed994e81aa4fa951358fba41"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46343",
"datePublished": "2024-01-23T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2025-06-17T13:55:44.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26793 (GCVE-0-2024-26793)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
The gtp_link_ops operations structure for the subsystem must be
registered after registering the gtp_net_ops pernet operations structure.
Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:
[ 1010.702740] gtp: GTP module unloaded
[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI
[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1
[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]
[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00
[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203
[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000
[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282
[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000
[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80
[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400
[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000
[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0
[ 1010.715968] PKRU: 55555554
[ 1010.715972] Call Trace:
[ 1010.715985] ? __die_body.cold+0x1a/0x1f
[ 1010.715995] ? die_addr+0x43/0x70
[ 1010.716002] ? exc_general_protection+0x199/0x2f0
[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30
[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp]
[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp]
[ 1010.716042] __rtnl_newlink+0x1063/0x1700
[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0
[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0
[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0
[ 1010.716076] ? __kernel_text_address+0x56/0xa0
[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0
[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30
[ 1010.716098] ? arch_stack_walk+0x9e/0xf0
[ 1010.716106] ? stack_trace_save+0x91/0xd0
[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170
[ 1010.716121] ? __lock_acquire+0x15c5/0x5380
[ 1010.716139] ? mark_held_locks+0x9e/0xe0
[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0
[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700
[ 1010.716160] rtnl_newlink+0x69/0xa0
[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50
[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0
[ 1010.716179] ? lock_acquire+0x1fe/0x560
[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50
[ 1010.716196] netlink_rcv_skb+0x14d/0x440
[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0
[ 1010.716208] ? netlink_ack+0xab0/0xab0
[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50
[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50
[ 1010.716226] ? __virt_addr_valid+0x30b/0x590
[ 1010.716233] netlink_unicast+0x54b/0x800
[ 1010.716240] ? netlink_attachskb+0x870/0x870
[ 1010.716248] ? __check_object_size+0x2de/0x3b0
[ 1010.716254] netlink_sendmsg+0x938/0xe40
[ 1010.716261] ? netlink_unicast+0x800/0x800
[ 1010.716269] ? __import_iovec+0x292/0x510
[ 1010.716276] ? netlink_unicast+0x800/0x800
[ 1010.716284] __sock_sendmsg+0x159/0x190
[ 1010.716290] ____sys_sendmsg+0x712/0x880
[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0
[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270
[ 1010.716309] ? lock_acquire+0x1fe/0x560
[ 1010.716315] ? drain_array_locked+0x90/0x90
[ 1010.716324] ___sys_sendmsg+0xf8/0x170
[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170
[ 1010.716337] ? lockdep_init_map
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:52.672497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:48.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01129059d5141d62fae692f7a336ae3bc712d3eb",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "e668b92a3a01429923fd5ca13e99642aab47de69",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "9376d059a705c5dfaac566c2d09891242013ae16",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "abd32d7f5c0294c1b2454c5a3b13b18446bac627",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "93dd420bc41531c9a31498b9538ca83ba6ec191e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "616d82c3cfa2a2146dd7e3ae47bda7e877ee549e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_newlink()\n\nThe gtp_link_ops operations structure for the subsystem must be\nregistered after registering the gtp_net_ops pernet operations structure.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\n[ 1010.702740] gtp: GTP module unloaded\n[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI\n[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1\n[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\n[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00\n[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203\n[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000\n[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282\n[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000\n[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80\n[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400\n[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000\n[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0\n[ 1010.715968] PKRU: 55555554\n[ 1010.715972] Call Trace:\n[ 1010.715985] ? __die_body.cold+0x1a/0x1f\n[ 1010.715995] ? die_addr+0x43/0x70\n[ 1010.716002] ? exc_general_protection+0x199/0x2f0\n[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30\n[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp]\n[ 1010.716042] __rtnl_newlink+0x1063/0x1700\n[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0\n[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0\n[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0\n[ 1010.716076] ? __kernel_text_address+0x56/0xa0\n[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0\n[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30\n[ 1010.716098] ? arch_stack_walk+0x9e/0xf0\n[ 1010.716106] ? stack_trace_save+0x91/0xd0\n[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170\n[ 1010.716121] ? __lock_acquire+0x15c5/0x5380\n[ 1010.716139] ? mark_held_locks+0x9e/0xe0\n[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0\n[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700\n[ 1010.716160] rtnl_newlink+0x69/0xa0\n[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50\n[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716179] ? lock_acquire+0x1fe/0x560\n[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50\n[ 1010.716196] netlink_rcv_skb+0x14d/0x440\n[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716208] ? netlink_ack+0xab0/0xab0\n[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50\n[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50\n[ 1010.716226] ? __virt_addr_valid+0x30b/0x590\n[ 1010.716233] netlink_unicast+0x54b/0x800\n[ 1010.716240] ? netlink_attachskb+0x870/0x870\n[ 1010.716248] ? __check_object_size+0x2de/0x3b0\n[ 1010.716254] netlink_sendmsg+0x938/0xe40\n[ 1010.716261] ? netlink_unicast+0x800/0x800\n[ 1010.716269] ? __import_iovec+0x292/0x510\n[ 1010.716276] ? netlink_unicast+0x800/0x800\n[ 1010.716284] __sock_sendmsg+0x159/0x190\n[ 1010.716290] ____sys_sendmsg+0x712/0x880\n[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0\n[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270\n[ 1010.716309] ? lock_acquire+0x1fe/0x560\n[ 1010.716315] ? drain_array_locked+0x90/0x90\n[ 1010.716324] ___sys_sendmsg+0xf8/0x170\n[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170\n[ 1010.716337] ? lockdep_init_map\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:40.199Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb"
},
{
"url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6"
},
{
"url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69"
},
{
"url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16"
},
{
"url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627"
},
{
"url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e"
},
{
"url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8"
},
{
"url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e"
}
],
"title": "gtp: fix use-after-free and null-ptr-deref in gtp_newlink()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26793",
"datePublished": "2024-04-04T08:20:23.771Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:40.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52809 (GCVE-0-2023-52809)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
fc_lport_ptp_setup() did not check the return value of fc_rport_create()
which can return NULL and would cause a NULL pointer dereference. Address
this issue by checking return value of fc_rport_create() and log error
message on fc_rport_create() failed.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:44.046464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_lport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "930f0aaba4820d6362de4e6ed569eaf444f1ea4e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "77072ec41d6ab3718c3fc639bc149b8037caedfa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b549acf999824d4f751ca57965700372f2f3ad00",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bb83f79f90e92f46466adcfd4fd264a7ae0f0f01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56d78b5495ebecbb9395101f3be177cd0a52450b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "442fd24d7b6b29e4a9cd9225afba4142d5f522ba",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f6fe7261b92b21109678747f36df9fdab1e30c34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b9ecf4e1032e645873933e5b43cbb84cac19106",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4df105f0ce9f6f30cda4e99f577150d23f0c9c5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/libfc/fc_lport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()\n\nfc_lport_ptp_setup() did not check the return value of fc_rport_create()\nwhich can return NULL and would cause a NULL pointer dereference. Address\nthis issue by checking return value of fc_rport_create() and log error\nmessage on fc_rport_create() failed."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:35.849Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e"
},
{
"url": "https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa"
},
{
"url": "https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00"
},
{
"url": "https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01"
},
{
"url": "https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b"
},
{
"url": "https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba"
},
{
"url": "https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34"
},
{
"url": "https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106"
},
{
"url": "https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f"
}
],
"title": "scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52809",
"datePublished": "2024-05-21T15:31:18.982Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:35.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52603 (GCVE-0-2023-52603)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
UBSAN: array-index-out-of-bounds in dtSplitRoot
Syzkaller reported the following issue:
oop0: detected capacity change from 0 to 32768
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9
index -2 is out of range for type 'struct dtslot [128]'
CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:151 [inline]
__ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283
dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971
dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]
dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863
jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270
vfs_mkdir+0x3b3/0x590 fs/namei.c:4013
do_mkdirat+0x279/0x550 fs/namei.c:4038
__do_sys_mkdirat fs/namei.c:4053 [inline]
__se_sys_mkdirat fs/namei.c:4051 [inline]
__x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fcdc0113fd9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9
RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0
R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000
R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000
</TASK>
The issue is caused when the value of fsi becomes less than -1.
The check to break the loop when fsi value becomes -1 is present
but syzbot was able to produce value less than -1 which cause the error.
This patch simply add the change for the values less than 0.
The patch is tested via syzbot.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:37:06.643976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:37:16.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd3486a893778770557649fe28afa5e463d4ed07",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e2902ecc77e9760a9fc447f56d598383e2372d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUBSAN: array-index-out-of-bounds in dtSplitRoot\n\nSyzkaller reported the following issue:\n\noop0: detected capacity change from 0 to 32768\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9\nindex -2 is out of range for type \u0027struct dtslot [128]\u0027\nCPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283\n dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971\n dtSplitUp fs/jfs/jfs_dtree.c:985 [inline]\n dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863\n jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270\n vfs_mkdir+0x3b3/0x590 fs/namei.c:4013\n do_mkdirat+0x279/0x550 fs/namei.c:4038\n __do_sys_mkdirat fs/namei.c:4053 [inline]\n __se_sys_mkdirat fs/namei.c:4051 [inline]\n __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fcdc0113fd9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcdc0113fd9\nRDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003\nRBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0\nR10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000\nR13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThe issue is caused when the value of fsi becomes less than -1.\nThe check to break the loop when fsi value becomes -1 is present\nbut syzbot was able to produce value less than -1 which cause the error.\nThis patch simply add the change for the values less than 0.\n\nThe patch is tested via syzbot."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:42.168Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af"
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07"
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8"
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39"
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60"
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f"
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2"
},
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16"
}
],
"title": "UBSAN: array-index-out-of-bounds in dtSplitRoot",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52603",
"datePublished": "2024-03-06T06:45:29.731Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:42.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26801 (GCVE-0-2024-26801)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
While handling the HCI_EV_HARDWARE_ERROR event, if the underlying
BT controller is not responding, the GPIO reset mechanism would
free the hci_dev and lead to a use-after-free in hci_error_reset.
Here's the call trace observed on a ChromeOS device with Intel AX201:
queue_work_on+0x3e/0x6c
__hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>]
? init_wait_entry+0x31/0x31
__hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>]
hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>]
process_one_work+0x1d8/0x33f
worker_thread+0x21b/0x373
kthread+0x13a/0x152
? pr_cont_work+0x54/0x54
? kthread_blkcg+0x31/0x31
ret_from_fork+0x1f/0x30
This patch holds the reference count on the hci_dev while processing
a HCI_EV_HARDWARE_ERROR event to avoid potential crash.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c Version: c7741d16a57cbf97eebe53f27e8216b1ff20e20c |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:27:12.303916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:27:19.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e0b278650f07acf2e0932149183458468a731c03",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "98fb98fd37e42fd4ce13ff657ea64503e24b6090",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "da4569d450b193e39e87119fd316c0291b585d14",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "45085686b9559bfbe3a4f41d3d695a520668f5e1",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "2ab9a19d896f5a0dd386e1f001c5309bc35f433b",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "dd594cdc24f2e48dab441732e6dfcafd6b0711d1",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
},
{
"lessThan": "2449007d3f73b2842c9734f45f0aadb522daf592",
"status": "affected",
"version": "c7741d16a57cbf97eebe53f27e8216b1ff20e20c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThan": "4.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere\u0027s the call trace observed on a ChromeOS device with Intel AX201:\n queue_work_on+0x3e/0x6c\n __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth \u003cHASH:3b4a6\u003e]\n ? init_wait_entry+0x31/0x31\n __hci_cmd_sync+0x16/0x20 [bluetooth \u003cHASH:3b4a 6\u003e]\n hci_error_reset+0x4f/0xa4 [bluetooth \u003cHASH:3b4a 6\u003e]\n process_one_work+0x1d8/0x33f\n worker_thread+0x21b/0x373\n kthread+0x13a/0x152\n ? pr_cont_work+0x54/0x54\n ? kthread_blkcg+0x31/0x31\n ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:52.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03"
},
{
"url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090"
},
{
"url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2"
},
{
"url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14"
},
{
"url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1"
},
{
"url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b"
},
{
"url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1"
},
{
"url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592"
}
],
"title": "Bluetooth: Avoid potential use-after-free in hci_error_reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26801",
"datePublished": "2024-04-04T08:20:29.211Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T08:56:52.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52435 (GCVE-0-2023-52435)
Vulnerability from cvelistv5
Published
2024-02-20 18:27
Modified
2025-05-04 07:36
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: prevent mss overflow in skb_segment()
Once again syzbot is able to crash the kernel in skb_segment() [1]
GSO_BY_FRAGS is a forbidden value, but unfortunately the following
computation in skb_segment() can reach it quite easily :
mss = mss * partial_segs;
65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to
a bad final result.
Make sure to limit segmentation so that the new mss value is smaller
than GSO_BY_FRAGS.
[1]
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0
R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046
FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120
skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626
__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
packet_xmit+0x257/0x380 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2190
__do_sys_sendto net/socket.c:2202 [inline]
__se_sys_sendto net/socket.c:2198 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f8692032aa9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9
RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480
R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R0
---truncated---
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba Version: 3953c46c3ac7eef31a9935427371c6f54a22f1ba |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:45:46.929589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:56.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d3ffbbf8631d6db0552f46250015648991c856f",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "cd1022eaf87be8e6151435bd4df4c242c347e083",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "8f8f185643747fbb448de6aab0efa51c679909a3",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "6c53e8547687d9c767c139cd4b50af566f58c29a",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "989b0ff35fe5fc9652ee5bafbe8483db6f27b137",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "95b3904a261a9f810205da560e802cc326f50d77",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
},
{
"lessThan": "23d05d563b7e7b0314e65c8e882bc27eac2da8e7",
"status": "affected",
"version": "3953c46c3ac7eef31a9935427371c6f54a22f1ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.321",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.11",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: prevent mss overflow in skb_segment()\n\nOnce again syzbot is able to crash the kernel in skb_segment() [1]\n\nGSO_BY_FRAGS is a forbidden value, but unfortunately the following\ncomputation in skb_segment() can reach it quite easily :\n\n\tmss = mss * partial_segs;\n\n65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to\na bad final result.\n\nMake sure to limit segmentation so that the new mss value is smaller\nthan GSO_BY_FRAGS.\n\n[1]\n\ngeneral protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0\nR13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046\nFS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\nudp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109\nipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120\nskb_mac_gso_segment+0x290/0x610 net/core/gso.c:53\n__skb_gso_segment+0x339/0x710 net/core/gso.c:124\nskb_gso_segment include/net/gso.h:83 [inline]\nvalidate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626\n__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338\ndev_queue_xmit include/linux/netdevice.h:3134 [inline]\npacket_xmit+0x257/0x380 net/packet/af_packet.c:276\npacket_snd net/packet/af_packet.c:3087 [inline]\npacket_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119\nsock_sendmsg_nosec net/socket.c:730 [inline]\n__sock_sendmsg+0xd5/0x180 net/socket.c:745\n__sys_sendto+0x255/0x340 net/socket.c:2190\n__do_sys_sendto net/socket.c:2202 [inline]\n__se_sys_sendto net/socket.c:2198 [inline]\n__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7f8692032aa9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9\nRDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003\nRBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480\nR13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003\n\u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551\nCode: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 \u003c0f\u003e b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00\nRSP: 0018:ffffc900043473d0 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597\nRDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070\nRBP: ffffc90004347578 R0\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:36:25.408Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d3ffbbf8631d6db0552f46250015648991c856f"
},
{
"url": "https://git.kernel.org/stable/c/cd1022eaf87be8e6151435bd4df4c242c347e083"
},
{
"url": "https://git.kernel.org/stable/c/8f8f185643747fbb448de6aab0efa51c679909a3"
},
{
"url": "https://git.kernel.org/stable/c/6c53e8547687d9c767c139cd4b50af566f58c29a"
},
{
"url": "https://git.kernel.org/stable/c/989b0ff35fe5fc9652ee5bafbe8483db6f27b137"
},
{
"url": "https://git.kernel.org/stable/c/95b3904a261a9f810205da560e802cc326f50d77"
},
{
"url": "https://git.kernel.org/stable/c/23d05d563b7e7b0314e65c8e882bc27eac2da8e7"
}
],
"title": "net: prevent mss overflow in skb_segment()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52435",
"datePublished": "2024-02-20T18:27:27.245Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-05-04T07:36:25.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52600 (GCVE-0-2023-52600)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix uaf in jfs_evict_inode
When the execution of diMount(ipimap) fails, the object ipimap that has been
released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
when rcu_core() calls jfs_free_node().
Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
ipimap.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:42:50.823357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:10.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_mount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81b4249ef37297fb17ba102a524039a05c6c5d35",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32e8f2d95528d45828c613417cb2827d866cbdce",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_mount.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix uaf in jfs_evict_inode\n\nWhen the execution of diMount(ipimap) fails, the object ipimap that has been\nreleased may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs\nwhen rcu_core() calls jfs_free_node().\n\nTherefore, when diMount(ipimap) fails, sbi-\u003eipimap should not be initialized as\nipimap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:32.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35"
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f"
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8"
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61"
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce"
},
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e"
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e"
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3"
}
],
"title": "jfs: fix uaf in jfs_evict_inode",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52600",
"datePublished": "2024-03-06T06:45:28.198Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:32.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26772 (GCVE-0-2024-26772)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
Places the logic for checking if the group's block bitmap is corrupt under
the protection of the group lock to avoid allocating blocks from the group
with a corrupted block bitmap.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26772",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:16:02.816411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:30:43.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6b92b1bc16d691c95b152c6dbf027ad64315668d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ffeb72a80a82aba59a6774b0611f792e0ed3b0b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8de8305a25bfda607fc13475ebe84b978c96d7ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d639102f4cbd4cb65d1225dba3b9265596aab586",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d3bbe77a76bc52e9d4d0a120f1509be36e25c916",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21dbe20589c7f48e9c5d336ce6402bcebfa6d76a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "832698373a25950942c04a512daa652c18a9b513",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\n\nPlaces the logic for checking if the group\u0027s block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:09.839Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43"
},
{
"url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d"
},
{
"url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7"
},
{
"url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff"
},
{
"url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586"
},
{
"url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916"
},
{
"url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a"
},
{
"url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513"
}
],
"title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26772",
"datePublished": "2024-04-03T17:00:58.733Z",
"dateReserved": "2024-02-19T14:20:24.176Z",
"dateUpdated": "2025-05-04T08:56:09.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52599 (GCVE-0-2023-52599)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diNewExt
[Syz report]
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2
index -878706688 is out of range for type 'struct iagctl[128]'
CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348
diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360
diAllocExt fs/jfs/jfs_imap.c:1949 [inline]
diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666
diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587
ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56
jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225
vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106
do_mkdirat+0x264/0x3a0 fs/namei.c:4129
__do_sys_mkdir fs/namei.c:4149 [inline]
__se_sys_mkdir fs/namei.c:4147 [inline]
__x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fcb7e6a0b57
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57
RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140
RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[Analysis]
When the agstart is too large, it can cause agno overflow.
[Fix]
After obtaining agno, if the value is invalid, exit the subsequent process.
Modified the test from agno > MAXAG to agno >= MAXAG based on linux-next
report by kernel test robot (Dan Carpenter).
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:46:56.259920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:47:03.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f423528488e4f9606cef858eceea210bf1163f41",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6aa30020879042d46df9f747e4f0a486eea6fe98",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3537f92cd22c672db97fae6997481e678ad14641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6996d43b14486f4a6655b10edc541ada1b580b4b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a6660139195f5e2fbbda459eeecb8788f3885fe",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "49f9637aafa6e63ba686c13cb8549bf5e6920402",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diNewExt\n\n[Syz report]\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2\nindex -878706688 is out of range for type \u0027struct iagctl[128]\u0027\nCPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360\n diAllocExt fs/jfs/jfs_imap.c:1949 [inline]\n diAllocAG+0xbe8/0x1e50 fs/jfs/jfs_imap.c:1666\n diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587\n ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\n jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225\n vfs_mkdir+0x2f1/0x4b0 fs/namei.c:4106\n do_mkdirat+0x264/0x3a0 fs/namei.c:4129\n __do_sys_mkdir fs/namei.c:4149 [inline]\n __se_sys_mkdir fs/namei.c:4147 [inline]\n __x64_sys_mkdir+0x6e/0x80 fs/namei.c:4147\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\nRIP: 0033:0x7fcb7e6a0b57\nCode: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 0000000000000053\nRAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fcb7e6a0b57\nRDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140\nRBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n\n[Analysis]\nWhen the agstart is too large, it can cause agno overflow.\n\n[Fix]\nAfter obtaining agno, if the value is invalid, exit the subsequent process.\n\n\nModified the test from agno \u003e MAXAG to agno \u003e= MAXAG based on linux-next\nreport by kernel test robot (Dan Carpenter)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:31.588Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98"
},
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641"
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b"
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402"
}
],
"title": "jfs: fix array-index-out-of-bounds in diNewExt",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52599",
"datePublished": "2024-03-06T06:45:27.655Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:31.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52876 (GCVE-0-2023-52876)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 Version: 3b5e748615e714711220b2a95d19bd25a037db09 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:20:33.699635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:18.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd76feeb9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa68e0ac5dcde43577adadf6f0f26f3b365ad68",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "96e9544a0c4faca616b3f9f4034dcd83a14e7f22",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "c4070ada5d5155c8d4d17ea64bd246949889f25b",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "a540ca0aeae83c2f3964bcb4e383f64ce2ec1783",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "b20cfe007a46f8c165d42a05c50a8d3d893e6592",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "1639072f6260babd017556e9f236ca2ad589d1e7",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
},
{
"lessThan": "0884393c63cc9a1772f7121a6645ba7bd76feeb9",
"status": "affected",
"version": "3b5e748615e714711220b2a95d19bd25a037db09",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt7629-eth.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:58.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa68e0ac5dcde43577adadf6f0f26f3b365ad68"
},
{
"url": "https://git.kernel.org/stable/c/96e9544a0c4faca616b3f9f4034dcd83a14e7f22"
},
{
"url": "https://git.kernel.org/stable/c/c4070ada5d5155c8d4d17ea64bd246949889f25b"
},
{
"url": "https://git.kernel.org/stable/c/a540ca0aeae83c2f3964bcb4e383f64ce2ec1783"
},
{
"url": "https://git.kernel.org/stable/c/b20cfe007a46f8c165d42a05c50a8d3d893e6592"
},
{
"url": "https://git.kernel.org/stable/c/1639072f6260babd017556e9f236ca2ad589d1e7"
},
{
"url": "https://git.kernel.org/stable/c/0884393c63cc9a1772f7121a6645ba7bd76feeb9"
}
],
"title": "clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52876",
"datePublished": "2024-05-21T15:32:09.269Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:58.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5178 (GCVE-0-2023-5178)
Vulnerability from cvelistv5
Published
2023-11-01 16:32
Modified
2025-08-01 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.9.1.rt7.311.el8_9 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:07.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7551"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2023:7557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7557"
},
{
"name": "RHSA-2023:7559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7559"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0386"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5178"
},
{
"name": "RHBZ#2241924",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.rt7.311.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.9.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::nfv",
"cpe:/a:redhat:rhel_tus:8.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.rt13.179.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos",
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/o:redhat:rhel_tus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-193.128.1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::realtime",
"cpe:/a:redhat:rhel_tus:8.4::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.rt7.190.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-305.114.1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.43.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.18.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::crb",
"cpe:/a:redhat:rhel_eus:9.0::appstream",
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::realtime",
"cpe:/a:redhat:rhel_eus:9.0::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.85.1.rt21.156.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.0::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.40.1.rt14.325.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "unaffected",
"packageName": "kpatch-patch",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.87.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:33:17.941Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7370",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7370"
},
{
"name": "RHSA-2023:7379",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7379"
},
{
"name": "RHSA-2023:7418",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7418"
},
{
"name": "RHSA-2023:7548",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"name": "RHSA-2023:7549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7549"
},
{
"name": "RHSA-2023:7551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7551"
},
{
"name": "RHSA-2023:7554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7554"
},
{
"name": "RHSA-2023:7557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7557"
},
{
"name": "RHSA-2023:7559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7559"
},
{
"name": "RHSA-2024:0340",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0340"
},
{
"name": "RHSA-2024:0378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0378"
},
{
"name": "RHSA-2024:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0386"
},
{
"name": "RHSA-2024:0412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"name": "RHSA-2024:0431",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0431"
},
{
"name": "RHSA-2024:0432",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0432"
},
{
"name": "RHSA-2024:0461",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0461"
},
{
"name": "RHSA-2024:0554",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0554"
},
{
"name": "RHSA-2024:0575",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0575"
},
{
"name": "RHSA-2024:1268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1268"
},
{
"name": "RHSA-2024:1269",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1269"
},
{
"name": "RHSA-2024:1278",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1278"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5178"
},
{
"name": "RHBZ#2241924",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-03T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: use after free in nvmet_tcp_free_crypto in nvme",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-415-\u003eCWE-416: Double Free leads to Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5178",
"datePublished": "2023-11-01T16:32:20.350Z",
"dateReserved": "2023-09-25T16:38:10.637Z",
"dateUpdated": "2025-08-01T17:33:17.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26602 (GCVE-0-2024-26602)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched/membarrier: reduce the ability to hammer on sys_membarrier
On some systems, sys_membarrier can be very expensive, causing overall
slowdowns for everything. So put a lock on the path in order to
serialize the accesses to prevent the ability for this to be called at
too high of a frequency and saturate the machine.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f Version: 22e4ebb975822833b083533035233d128b30e98f |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T16:20:03.636502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:51.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cd139875e9a7688b3fc715264032620812a5fa3",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "2441a64070b85c14eecc3728cc87e883f953f265",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "db896bbe4a9c67cee377e5f6a743350d3ae4acf6",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "50fb4e17df319bb33be6f14e2a856950c1577dee",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "24ec7504a08a67247fbe798d1de995208a8c128a",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "b6a2a9cbb67545c825ec95f06adb7ff300a2ad71",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "c5b2063c65d05e79fad8029324581d86cfba7eea",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
},
{
"lessThan": "944d5fe50f3f03daacfea16300e656a1691c4a23",
"status": "affected",
"version": "22e4ebb975822833b083533035233d128b30e98f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/membarrier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/membarrier: reduce the ability to hammer on sys_membarrier\n\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything. So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:06.429Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3"
},
{
"url": "https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265"
},
{
"url": "https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6"
},
{
"url": "https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee"
},
{
"url": "https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a"
},
{
"url": "https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71"
},
{
"url": "https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea"
},
{
"url": "https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23"
}
],
"title": "sched/membarrier: reduce the ability to hammer on sys_membarrier",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26602",
"datePublished": "2024-02-24T14:56:56.992Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:52:06.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26779 (GCVE-0-2024-26779)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix race condition on enabling fast-xmit
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T19:22:50.891620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:39:37.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/sta_info.c",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "76fad1174a0cae6fc857b9f88b261a2e4f07d587",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "85720b69aef177318f4a18efbcc4302228a340e5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5ffab99e070b9f8ae0cf60c3c3602b84eee818dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "88c18fd06608b3adee547102505d715f21075c9d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "eb39bb548bf974acad7bd6780fe11f9e6652d696",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "54b79d8786964e2f840e8a2ec4a9f9a50f3d4954",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "281280276b70c822f55ce15b661f6d1d3228aaa9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/sta_info.c",
"net/mac80211/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix race condition on enabling fast-xmit\n\nfast-xmit must only be enabled after the sta has been uploaded to the driver,\notherwise it could end up passing the not-yet-uploaded sta via drv_tx calls\nto the driver, leading to potential crashes because of uninitialized drv_priv\ndata.\nAdd a missing sta-\u003euploaded check and re-check fast xmit after inserting a sta."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:19.344Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587"
},
{
"url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5"
},
{
"url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd"
},
{
"url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d"
},
{
"url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696"
},
{
"url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954"
},
{
"url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9"
},
{
"url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f"
}
],
"title": "wifi: mac80211: fix race condition on enabling fast-xmit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26779",
"datePublished": "2024-04-03T17:01:09.807Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:19.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52581 (GCVE-0-2023-52581)
Vulnerability from cvelistv5
Published
2024-03-02 21:59
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak when more than 255 elements expired
When more than 255 elements expired we're supposed to switch to a new gc
container structure.
This never happens: u8 type will wrap before reaching the boundary
and nft_trans_gc_space() always returns true.
This means we recycle the initial gc container structure and
lose track of the elements that came before.
While at it, don't deref 'gc' after we've passed it to call_rcu.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27 Version: bbdb3b65aa91aa0a32b212f27780b28987f2d94f Version: 448be0774882f95a74fa5eb7519761152add601b Version: d19e8bf3ea4114dd21fc35da21f398203d7f7df1 Version: ea3eb9f2192e4fc33b795673e56c97a21987f868 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 5f68718b34a531a556f2f50300ead2862278da26 Version: 0624f190b5742a1527cd938295caa8dc5281d4cd |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:19:37.141289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:54:23.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7cf055b43756b10aa2b851c927c940f5ed652125",
"status": "affected",
"version": "8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27",
"versionType": "git"
},
{
"lessThan": "a995a68e8a3b48533e47c856865d109a1f1a9d01",
"status": "affected",
"version": "bbdb3b65aa91aa0a32b212f27780b28987f2d94f",
"versionType": "git"
},
{
"lessThan": "09c85f2d21ab6b5acba31a037985b13e8e6565b8",
"status": "affected",
"version": "448be0774882f95a74fa5eb7519761152add601b",
"versionType": "git"
},
{
"lessThan": "ef99506eaf1dc31feff1adfcfd68bc5535a22171",
"status": "affected",
"version": "d19e8bf3ea4114dd21fc35da21f398203d7f7df1",
"versionType": "git"
},
{
"lessThan": "7e5d732e6902eb6a37b35480796838a145ae5f07",
"status": "affected",
"version": "ea3eb9f2192e4fc33b795673e56c97a21987f868",
"versionType": "git"
},
{
"lessThan": "4aea243b6853d06c1d160a9955b759189aa02b14",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"lessThan": "cf5000a7787cbc10341091d37245a42c119d26c5",
"status": "affected",
"version": "5f68718b34a531a556f2f50300ead2862278da26",
"versionType": "git"
},
{
"status": "affected",
"version": "0624f190b5742a1527cd938295caa8dc5281d4cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we\u0027re supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don\u0027t deref \u0027gc\u0027 after we\u0027ve passed it to call_rcu."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:19.969Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7cf055b43756b10aa2b851c927c940f5ed652125"
},
{
"url": "https://git.kernel.org/stable/c/a995a68e8a3b48533e47c856865d109a1f1a9d01"
},
{
"url": "https://git.kernel.org/stable/c/09c85f2d21ab6b5acba31a037985b13e8e6565b8"
},
{
"url": "https://git.kernel.org/stable/c/ef99506eaf1dc31feff1adfcfd68bc5535a22171"
},
{
"url": "https://git.kernel.org/stable/c/7e5d732e6902eb6a37b35480796838a145ae5f07"
},
{
"url": "https://git.kernel.org/stable/c/4aea243b6853d06c1d160a9955b759189aa02b14"
},
{
"url": "https://git.kernel.org/stable/c/cf5000a7787cbc10341091d37245a42c119d26c5"
}
],
"title": "netfilter: nf_tables: fix memleak when more than 255 elements expired",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52581",
"datePublished": "2024-03-02T21:59:47.856Z",
"dateReserved": "2024-03-02T21:55:42.569Z",
"dateUpdated": "2025-05-04T12:49:19.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52875 (GCVE-0-2023-52875)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
Add the check for the return value of mtk_alloc_clk_data() in order to
avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 Version: e9862118272aa528e35e54ef9f1e35c217870fd7 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fccee2af400edaed9cf349d506c5971d4762739"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1953e62366da5460dc712e045f94fb0d8918999d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1461f0c9ca0827c03730fe9652ebbf6316a2a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/001e5def774fa1a8f2b29567c0b0cd3e3a859a96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a18dd653284550900b02107c3c7b3ac5e0eb802"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52875",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:21.387443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:53.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt2701.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6fccee2af400edaed9cf349d506c5971d4762739",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "1953e62366da5460dc712e045f94fb0d8918999d",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "d1461f0c9ca0827c03730fe9652ebbf6316a2a95",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "001e5def774fa1a8f2b29567c0b0cd3e3a859a96",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "2a18dd653284550900b02107c3c7b3ac5e0eb802",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
},
{
"lessThan": "0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3",
"status": "affected",
"version": "e9862118272aa528e35e54ef9f1e35c217870fd7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/mediatek/clk-mt2701.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data\n\nAdd the check for the return value of mtk_alloc_clk_data() in order to\navoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:52.032Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6fccee2af400edaed9cf349d506c5971d4762739"
},
{
"url": "https://git.kernel.org/stable/c/1953e62366da5460dc712e045f94fb0d8918999d"
},
{
"url": "https://git.kernel.org/stable/c/d1461f0c9ca0827c03730fe9652ebbf6316a2a95"
},
{
"url": "https://git.kernel.org/stable/c/001e5def774fa1a8f2b29567c0b0cd3e3a859a96"
},
{
"url": "https://git.kernel.org/stable/c/d1175cf4bd2b4c5f7c43f677ea1ce9ad2c18d055"
},
{
"url": "https://git.kernel.org/stable/c/2a18dd653284550900b02107c3c7b3ac5e0eb802"
},
{
"url": "https://git.kernel.org/stable/c/e61934720af4a58ffd43a63ffdd6f3a0bd7d7b47"
},
{
"url": "https://git.kernel.org/stable/c/1bf9c204aef4cc55ce46a7ff2d4dc7e5f86551a7"
},
{
"url": "https://git.kernel.org/stable/c/0d6e24b422a2166a9297a8286ff2e6ab9a5e8cd3"
}
],
"title": "clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52875",
"datePublished": "2024-05-21T15:32:08.604Z",
"dateReserved": "2024-05-21T15:19:24.264Z",
"dateUpdated": "2025-05-04T07:44:52.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26777 (GCVE-0-2024-26777)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: sis: Error out if pixclock equals zero
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
In sisfb_check_var(), var->pixclock is used as a divisor to caculate
drate before it is checked against zero. Fix this by checking it
at the beginning.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:10:58.840983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:30.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sis/sis_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84246c35ca34207114055a87552a1c4289c8fd7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6db07619d173765bd8622d63809cbfe361f04207",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd36da760bd1f78c63c7078407baf01dd724f313",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df6e2088c6f4cad539cf67cba2d6764461e798d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f329523f6a65c3bbce913ad35473d83a319d5d99",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "99f1abc34a6dde248d2219d64aa493c76bbdd9eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d11dd3ea5d039c7da089f309f39c4cd363b924b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e421946be7d9bf545147bea8419ef8239cb7ca52",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/sis/sis_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:16.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e"
},
{
"url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207"
},
{
"url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313"
},
{
"url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1"
},
{
"url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99"
},
{
"url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb"
},
{
"url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b"
},
{
"url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52"
}
],
"title": "fbdev: sis: Error out if pixclock equals zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26777",
"datePublished": "2024-04-03T17:01:02.935Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:16.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52670 (GCVE-0-2023-52670)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 07:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: virtio: Free driver_override when rpmsg_remove()
Free driver_override when rpmsg_remove(), otherwise
the following memory leak will occur:
unreferenced object 0xffff0000d55d7080 (size 128):
comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s)
hex dump (first 32 bytes):
72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320
[<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70
[<00000000228a60c3>] kstrndup+0x4c/0x90
[<0000000077158695>] driver_set_override+0xd0/0x164
[<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170
[<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30
[<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec
[<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280
[<00000000443331cc>] really_probe+0xbc/0x2dc
[<00000000391064b1>] __driver_probe_device+0x78/0xe0
[<00000000a41c9a5b>] driver_probe_device+0xd8/0x160
[<000000009c3bd5df>] __device_attach_driver+0xb8/0x140
[<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4
[<000000003b929a36>] __device_attach+0x9c/0x19c
[<00000000a94e0ba8>] device_initial_probe+0x14/0x20
[<000000003c999637>] bus_probe_device+0xa0/0xac
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b Version: b0b03b8119633de0649da9bd506e4850c401ff2b |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "229ce47cbfdc",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dd50fe18c234",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "69ca89d80f2c",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2d27a7b19cb3",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f4bb1d5daf77",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4e6cef3fae5c",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9a416d624e5f",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d5362c37e1f8",
"status": "affected",
"version": "b0b03b811963",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.307",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4269",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.76",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.15",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.73",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T20:01:16.725609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:43:43.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:34.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/rpmsg/virtio_rpmsg_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "229ce47cbfdc7d3a9415eb676abbfb77d676cb08",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "69ca89d80f2c8a1f5af429b955637beea7eead30",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "2d27a7b19cb354c6d04bcdc9239e261ff29858d6",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "f4bb1d5daf77b1a95a43277268adf0d1430c2346",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "4e6cef3fae5c164968118a13f3fe293700adc81a",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "9a416d624e5fb7246ea97c11fbfea7e0e27abf43",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
},
{
"lessThan": "d5362c37e1f8a40096452fc201c30e705750e687",
"status": "affected",
"version": "b0b03b8119633de0649da9bd506e4850c401ff2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/rpmsg/virtio_rpmsg_bus.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: virtio: Free driver_override when rpmsg_remove()\n\nFree driver_override when rpmsg_remove(), otherwise\nthe following memory leak will occur:\n\nunreferenced object 0xffff0000d55d7080 (size 128):\n comm \"kworker/u8:2\", pid 56, jiffies 4294893188 (age 214.272s)\n hex dump (first 32 bytes):\n 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c000000009c94c9c1\u003e] __kmem_cache_alloc_node+0x1f8/0x320\n [\u003c000000002300d89b\u003e] __kmalloc_node_track_caller+0x44/0x70\n [\u003c00000000228a60c3\u003e] kstrndup+0x4c/0x90\n [\u003c0000000077158695\u003e] driver_set_override+0xd0/0x164\n [\u003c000000003e9c4ea5\u003e] rpmsg_register_device_override+0x98/0x170\n [\u003c000000001c0c89a8\u003e] rpmsg_ns_register_device+0x24/0x30\n [\u003c000000008bbf8fa2\u003e] rpmsg_probe+0x2e0/0x3ec\n [\u003c00000000e65a68df\u003e] virtio_dev_probe+0x1c0/0x280\n [\u003c00000000443331cc\u003e] really_probe+0xbc/0x2dc\n [\u003c00000000391064b1\u003e] __driver_probe_device+0x78/0xe0\n [\u003c00000000a41c9a5b\u003e] driver_probe_device+0xd8/0x160\n [\u003c000000009c3bd5df\u003e] __device_attach_driver+0xb8/0x140\n [\u003c0000000043cd7614\u003e] bus_for_each_drv+0x7c/0xd4\n [\u003c000000003b929a36\u003e] __device_attach+0x9c/0x19c\n [\u003c00000000a94e0ba8\u003e] device_initial_probe+0x14/0x20\n [\u003c000000003c999637\u003e] bus_probe_device+0xa0/0xac"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:41:13.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08"
},
{
"url": "https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d"
},
{
"url": "https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30"
},
{
"url": "https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6"
},
{
"url": "https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346"
},
{
"url": "https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a"
},
{
"url": "https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e27abf43"
},
{
"url": "https://git.kernel.org/stable/c/d5362c37e1f8a40096452fc201c30e705750e687"
}
],
"title": "rpmsg: virtio: Free driver_override when rpmsg_remove()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52670",
"datePublished": "2024-05-17T14:02:01.617Z",
"dateReserved": "2024-03-07T14:49:46.885Z",
"dateUpdated": "2025-05-04T07:41:13.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26791 (GCVE-0-2024-26791)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
btrfs: dev-replace: properly validate device names
There's a syzbot report that device name buffers passed to device
replace are not properly checked for string termination which could lead
to a read out of bounds in getname_kernel().
Add a helper that validates both source and target device name buffers.
For devid as the source initialize the buffer to empty string in case
something tries to read it later.
This was originally analyzed and fixed in a different way by Edward Adam
Davis (see links).
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26791",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:50:58.820208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/dev-replace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "11d7a2e429c02d51e2dc90713823ea8b8d3d3a84",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6652e20d7d783d060fe5f987eac7b5cabe31311",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2886fe308a83968dde252302884a1e63351cf16d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab2d68655d0f04650bef09fee948ff80597c5fb9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f590040ce2b712177306b03c2a63b16f7d48d3c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b1690ced4d2d8b28868811fb81cd33eee5aefee1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "343eecb4ff49a7b1cc1dfe86958a805cf2341cfb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9845664b9ee47ce7ee7ea93caf47d39a9d4552c4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/dev-replace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: dev-replace: properly validate device names\n\nThere\u0027s a syzbot report that device name buffers passed to device\nreplace are not properly checked for string termination which could lead\nto a read out of bounds in getname_kernel().\n\nAdd a helper that validates both source and target device name buffers.\nFor devid as the source initialize the buffer to empty string in case\nsomething tries to read it later.\n\nThis was originally analyzed and fixed in a different way by Edward Adam\nDavis (see links)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:37.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84"
},
{
"url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311"
},
{
"url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d"
},
{
"url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9"
},
{
"url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8"
},
{
"url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1"
},
{
"url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb"
},
{
"url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4"
}
],
"title": "btrfs: dev-replace: properly validate device names",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26791",
"datePublished": "2024-04-04T08:20:22.374Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:37.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26735 (GCVE-0-2024-26735)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: sr: fix possible use-after-free and null-ptr-deref
The pernet operations structure for the subsystem must be registered
before registering the generic netlink family.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa Version: 915d7e5e5930b4f01d0971d93b9b25ed17d221aa |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:17:44.078376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:01:54.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-01T17:03:12.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "953f42934533c151f440cd32390044d2396b87aa",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "82831e3ff76ef09fb184eb93b79a3eb3fb284f1d",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "65c38f23d10ff79feea1e5d50b76dc7af383c1e6",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "91b020aaa1e59bfb669d34c968e3db3d5416bcee",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "8391b9b651cfdf80ab0f1dc4a489f9d67386e197",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "9e02973dbc6a91e40aa4f5d87b8c47446fbfce44",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "02b08db594e8218cfbc0e4680d4331b457968a9b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
},
{
"lessThan": "5559cea2d5aa3018a5f00dd2aca3427ba09b386b",
"status": "affected",
"version": "915d7e5e5930b4f01d0971d93b9b25ed17d221aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/seg6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:13.758Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa"
},
{
"url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d"
},
{
"url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6"
},
{
"url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee"
},
{
"url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197"
},
{
"url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44"
},
{
"url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b"
},
{
"url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b"
}
],
"title": "ipv6: sr: fix possible use-after-free and null-ptr-deref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26735",
"datePublished": "2024-04-03T17:00:21.972Z",
"dateReserved": "2024-02-19T14:20:24.165Z",
"dateUpdated": "2025-05-04T08:55:13.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52504 (GCVE-0-2023-52504)
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/alternatives: Disable KASAN in apply_alternatives()
Fei has reported that KASAN triggers during apply_alternatives() on
a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)
gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on
__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().
KASAN gets confused when apply_alternatives() patches the
KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START
static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.
Fix it for real by disabling KASAN while the kernel is patching alternatives.
[ mingo: updated the changelog ]
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 Version: 6657fca06e3ffab8d0b3f9d8b397f5ee498952d7 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:11:24.462038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:02.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/alternative.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3719d3c36aa853d5a2401af9f8d6b116c91ad5ae",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "3770c38cd6a60494da29ac2da73ff8156440a2d1",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "6788b10620ca6e98575d1e06e72a8974aad7657e",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "ecba5afe86f30605eb9dfb7f265a8de0218d4cfc",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "5b784489c8158518bf7a466bb3cc045b0fb66b4b",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "cd287cc208dfe6bd6da98e7f88e723209242c9b4",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
},
{
"lessThan": "d35652a5fc9944784f6f50a5c979518ff8dacf61",
"status": "affected",
"version": "6657fca06e3ffab8d0b3f9d8b397f5ee498952d7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kernel/alternative.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:09.999Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3719d3c36aa853d5a2401af9f8d6b116c91ad5ae"
},
{
"url": "https://git.kernel.org/stable/c/3770c38cd6a60494da29ac2da73ff8156440a2d1"
},
{
"url": "https://git.kernel.org/stable/c/6788b10620ca6e98575d1e06e72a8974aad7657e"
},
{
"url": "https://git.kernel.org/stable/c/ecba5afe86f30605eb9dfb7f265a8de0218d4cfc"
},
{
"url": "https://git.kernel.org/stable/c/5b784489c8158518bf7a466bb3cc045b0fb66b4b"
},
{
"url": "https://git.kernel.org/stable/c/cd287cc208dfe6bd6da98e7f88e723209242c9b4"
},
{
"url": "https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61"
}
],
"title": "x86/alternatives: Disable KASAN in apply_alternatives()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52504",
"datePublished": "2024-03-02T21:52:18.500Z",
"dateReserved": "2024-02-20T12:30:33.314Z",
"dateUpdated": "2025-05-04T07:38:09.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52655 (GCVE-0-2023-52655)
Vulnerability from cvelistv5
Published
2024-05-13 10:20
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: aqc111: check packet for fixup for true limit
If a device sends a packet that is inbetween 0
and sizeof(u64) the value passed to skb_trim()
as length will wrap around ending up as some very
large value.
The driver will then proceed to parse the header
located at that position, which will either oops or
process some random value.
The fix is to check against sizeof(u64) rather than
0, which the driver currently does. The issue exists
since the introduction of the driver.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:30:22.988922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:30:31.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/aqc111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84f2e5b3e70f08fce3cb1ff73414631c5e490204",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d69581c17608d81824dd497d9a54b6a5b6139975",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "46412b2fb1f9cc895d6d4036bf24f640b5d86dab",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "82c386d73689a45d5ee8c1290827bce64056dddd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2ebf775f0541ae0d474836fa0cf3220e502f8e3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ccab434e674ca95d483788b1895a70c21b7f016a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/usb/aqc111.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.265",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.205",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.144",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.69",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aqc111: check packet for fixup for true limit\n\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\n\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\n\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:57.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204"
},
{
"url": "https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975"
},
{
"url": "https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab"
},
{
"url": "https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd"
},
{
"url": "https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e"
},
{
"url": "https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a"
}
],
"title": "usb: aqc111: check packet for fixup for true limit",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52655",
"datePublished": "2024-05-13T10:20:01.160Z",
"dateReserved": "2024-03-06T09:52:12.099Z",
"dateUpdated": "2025-05-04T07:40:57.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27417 (GCVE-0-2024-27417)
Vulnerability from cvelistv5
Published
2024-05-17 11:51
Modified
2025-05-04 09:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 Version: 6ecf4c37eb3e89b0832c9616089a5cdca3747da7 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:19:39.323921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:02.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "810fa7d5e5202fcfb22720304b755f1bdfd4c174",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "8a54834c03c30e549c33d5da0975f3e1454ec906",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "1b0998fdd85776775d975d0024bca227597e836a",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "44112bc5c74e64f28f5a9127dc34066c7a09bd0f",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "33a1b6bfef6def2068c8703403759024ce17053e",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
},
{
"lessThan": "10bfd453da64a057bcfd1a49fb6b271c48653cdb",
"status": "affected",
"version": "6ecf4c37eb3e89b0832c9616089a5cdca3747da7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/addrconf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()\n\nIt seems that if userspace provides a correct IFA_TARGET_NETNSID value\nbut no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()\nreturns -EINVAL with an elevated \"struct net\" refcount."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:04:42.491Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132"
},
{
"url": "https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174"
},
{
"url": "https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906"
},
{
"url": "https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a"
},
{
"url": "https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f"
},
{
"url": "https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e"
},
{
"url": "https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb"
}
],
"title": "ipv6: fix potential \"struct net\" leak in inet6_rtm_getaddr()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27417",
"datePublished": "2024-05-17T11:51:07.803Z",
"dateReserved": "2024-02-25T13:47:42.683Z",
"dateUpdated": "2025-05-04T09:04:42.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52806 (GCVE-0-2023-52806)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
While AudioDSP drivers assign streams exclusively of HOST or LINK type,
nothing blocks a user to attempt to assign a COUPLED stream. As
supplied substream instance may be a stub, what is the case when
code-loading, such scenario ends with null-ptr-deref.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:47.089606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7de25112de8222fd20564769e6c99dc9f9738a0b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "758c7733cb821041f5fd403b7b97c0b95d319323",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2527775616f3638f4fd54649eba8c7b84d5e4250",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "25354bae4fc310c3928e8a42fda2d486f67745d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "631a96e9eb4228ff75fce7e72d133ca81194797e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "43b91df291c8802268ab3cfd8fccfdf135800ed4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a320da7f7cbdab2098b103c47f45d5061f42edd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f93dc90c2e8ed664985e366aa6459ac83cdab236",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:32.461Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52806",
"datePublished": "2024-05-21T15:31:17.025Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:32.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52818 (GCVE-0-2023-52818)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
For pptable structs that use flexible array sizes, use flexible arrays.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:40.825191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/include/pptable.h",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e52e324a21341c97350d5f11de14721c1c609498",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cfd8cd907fd94538561479a43aea455f5cf16928",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c847379a5d00078ad6fcb1c24230e72c5609342f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8af28ae3acb736ada4ce3457662fa446cc913bb4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "acdb6830de02cf2873aeaccdf2d9bca4aee50e47",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6dffdddfca818c02a42b6caa1d9845995f0a1f94",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "92a775e7c9707aed28782bafe636bf87675f5a97",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "760efbca74a405dc439a013a5efaa9fadc95a8c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/include/pptable.h",
"drivers/gpu/drm/amd/pm/powerplay/hwmgr/pptable_v1_0.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7\n\nFor pptable structs that use flexible array sizes, use flexible arrays."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:46.442Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498"
},
{
"url": "https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928"
},
{
"url": "https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f"
},
{
"url": "https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4"
},
{
"url": "https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47"
},
{
"url": "https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b"
},
{
"url": "https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94"
},
{
"url": "https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97"
},
{
"url": "https://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3"
}
],
"title": "drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52818",
"datePublished": "2024-05-21T15:31:24.915Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52853 (GCVE-0-2023-52853)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hid: cp2112: Fix duplicate workqueue initialization
Previously the cp2112 driver called INIT_DELAYED_WORK within
cp2112_gpio_irq_startup, resulting in duplicate initilizations of the
workqueue on subsequent IRQ startups following an initial request. This
resulted in a warning in set_work_data in workqueue.c, as well as a rare
NULL dereference within process_one_work in workqueue.c.
Initialize the workqueue within _probe instead.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 Version: 13de9cca514ed63604263cad87ca8cb36e9b6489 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:51:33.652573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:57.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-cp2112.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "df0daac2709473531d6a3472997cc65301ac06d6",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "727203e6e7e7020e1246fc1628cbdb8d90177819",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "3d959406c8fff2334d83d0c352d54fd6f5b2e7cd",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "012d0c66f9392a99232ac28217229f32dd3a70cf",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "bafb12b629b7c3ad59812dd1ac1b0618062e0e38",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "fb5718bc67337dde1528661f419ffcf275757592",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "eb1121fac7986b30915ba20c5a04cc01fdcf160c",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
},
{
"lessThan": "e3c2d2d144c082dd71596953193adf9891491f42",
"status": "affected",
"version": "13de9cca514ed63604263cad87ca8cb36e9b6489",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-cp2112.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhid: cp2112: Fix duplicate workqueue initialization\n\nPreviously the cp2112 driver called INIT_DELAYED_WORK within\ncp2112_gpio_irq_startup, resulting in duplicate initilizations of the\nworkqueue on subsequent IRQ startups following an initial request. This\nresulted in a warning in set_work_data in workqueue.c, as well as a rare\nNULL dereference within process_one_work in workqueue.c.\n\nInitialize the workqueue within _probe instead."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:21.084Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/df0daac2709473531d6a3472997cc65301ac06d6"
},
{
"url": "https://git.kernel.org/stable/c/727203e6e7e7020e1246fc1628cbdb8d90177819"
},
{
"url": "https://git.kernel.org/stable/c/3d959406c8fff2334d83d0c352d54fd6f5b2e7cd"
},
{
"url": "https://git.kernel.org/stable/c/012d0c66f9392a99232ac28217229f32dd3a70cf"
},
{
"url": "https://git.kernel.org/stable/c/bafb12b629b7c3ad59812dd1ac1b0618062e0e38"
},
{
"url": "https://git.kernel.org/stable/c/fb5718bc67337dde1528661f419ffcf275757592"
},
{
"url": "https://git.kernel.org/stable/c/eb1121fac7986b30915ba20c5a04cc01fdcf160c"
},
{
"url": "https://git.kernel.org/stable/c/e3c2d2d144c082dd71596953193adf9891491f42"
}
],
"title": "hid: cp2112: Fix duplicate workqueue initialization",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52853",
"datePublished": "2024-05-21T15:31:48.571Z",
"dateReserved": "2024-05-21T15:19:24.256Z",
"dateUpdated": "2025-05-04T07:44:21.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52486 (GCVE-0-2023-52486)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm: Don't unref the same fb many times by mistake due to deadlock handling
If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()
we proceed to unref the fb and then retry the whole thing from the top.
But we forget to reset the fb pointer back to NULL, and so if we then
get another error during the retry, before the fb lookup, we proceed
the unref the same fb again without having gotten another reference.
The end result is that the fb will (eventually) end up being freed
while it's still in use.
Reset fb to NULL once we've unreffed it to avoid doing it again
until we've done another fb lookup.
This turned out to be pretty easy to hit on a DG2 when doing async
flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I
saw that drm_closefb() simply got stuck in a busy loop while walking
the framebuffer list. Fortunately I was able to convince it to oops
instead, and from there it was easier to track down the culprit.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:18:14.689026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:18:24.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dd334a8245011ace45e53298175c7b659edb3e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f55261469be87c55df13db76dc945f6bcd825105"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4af63da9d94986c529d74499fdfe44289acd551"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7afdf360f4ac142832b098b4de974e867cc063c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfd0feb1b109cb63b87fdcd00122603787c75a1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "376e21a9e4c2c63ee5d8d3aa74be5082c3882229",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9dd334a8245011ace45e53298175c7b659edb3e7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f55261469be87c55df13db76dc945f6bcd825105",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b4af63da9d94986c529d74499fdfe44289acd551",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d7afdf360f4ac142832b098b4de974e867cc063c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bfd0feb1b109cb63b87fdcd00122603787c75a1a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/drm_plane.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Don\u0027t unref the same fb many times by mistake due to deadlock handling\n\nIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()\nwe proceed to unref the fb and then retry the whole thing from the top.\nBut we forget to reset the fb pointer back to NULL, and so if we then\nget another error during the retry, before the fb lookup, we proceed\nthe unref the same fb again without having gotten another reference.\nThe end result is that the fb will (eventually) end up being freed\nwhile it\u0027s still in use.\n\nReset fb to NULL once we\u0027ve unreffed it to avoid doing it again\nuntil we\u0027ve done another fb lookup.\n\nThis turned out to be pretty easy to hit on a DG2 when doing async\nflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I\nsaw that drm_closefb() simply got stuck in a busy loop while walking\nthe framebuffer list. Fortunately I was able to convince it to oops\ninstead, and from there it was easier to track down the culprit."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:42.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229"
},
{
"url": "https://git.kernel.org/stable/c/9dd334a8245011ace45e53298175c7b659edb3e7"
},
{
"url": "https://git.kernel.org/stable/c/f55261469be87c55df13db76dc945f6bcd825105"
},
{
"url": "https://git.kernel.org/stable/c/b4af63da9d94986c529d74499fdfe44289acd551"
},
{
"url": "https://git.kernel.org/stable/c/62f2e79cf9f4f47cc9dea9cebdf58d9f7b5695e0"
},
{
"url": "https://git.kernel.org/stable/c/d7afdf360f4ac142832b098b4de974e867cc063c"
},
{
"url": "https://git.kernel.org/stable/c/bfd0feb1b109cb63b87fdcd00122603787c75a1a"
},
{
"url": "https://git.kernel.org/stable/c/cb4daf271302d71a6b9a7c01bd0b6d76febd8f0c"
}
],
"title": "drm: Don\u0027t unref the same fb many times by mistake due to deadlock handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52486",
"datePublished": "2024-02-29T15:52:06.888Z",
"dateReserved": "2024-02-20T12:30:33.301Z",
"dateUpdated": "2025-05-04T07:37:42.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26664 (GCVE-0-2024-26664)
Vulnerability from cvelistv5
Published
2024-04-02 06:22
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (coretemp) Fix out-of-bounds memory access
Fix a bug that pdata->cpu_map[] is set before out-of-bounds check.
The problem might be triggered on systems with more than 128 cores per
package.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 4f9dcadc55c21b39b072bb0882362c7edc4340bc Version: c00cdfc9bd767ee743ad3a4054de17aeb0afcbca Version: d9f0159da05df869071164edf0c6d7302efc5eca Version: 30cf0dee372baf9b515f2d9c7218f905fddf3cdb Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: 7108b80a542b9d65e44b36d64a700a83658c0b73 Version: d1de8e1ae924d9dc31548676e4a665b52ebee27e |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:46.681028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:57.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a",
"status": "affected",
"version": "4f9dcadc55c21b39b072bb0882362c7edc4340bc",
"versionType": "git"
},
{
"lessThan": "1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b",
"status": "affected",
"version": "c00cdfc9bd767ee743ad3a4054de17aeb0afcbca",
"versionType": "git"
},
{
"lessThan": "f0da068c75c20ffc5ba28243ff577531dc2af1fd",
"status": "affected",
"version": "d9f0159da05df869071164edf0c6d7302efc5eca",
"versionType": "git"
},
{
"lessThan": "a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e",
"status": "affected",
"version": "30cf0dee372baf9b515f2d9c7218f905fddf3cdb",
"versionType": "git"
},
{
"lessThan": "9bce69419271eb8b2b3ab467387cb59c99d80deb",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "853a6503c586a71abf27e60a7f8c4fb28092976d",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "3a7753bda55985dc26fae17795cb10d825453ad1",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"lessThan": "4e440abc894585a34c2904a32cd54af1742311b3",
"status": "affected",
"version": "7108b80a542b9d65e44b36d64a700a83658c0b73",
"versionType": "git"
},
{
"status": "affected",
"version": "d1de8e1ae924d9dc31548676e4a665b52ebee27e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hwmon/coretemp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Fix out-of-bounds memory access\n\nFix a bug that pdata-\u003ecpu_map[] is set before out-of-bounds check.\nThe problem might be triggered on systems with more than 128 cores per\npackage."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:21.694Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a"
},
{
"url": "https://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b"
},
{
"url": "https://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd"
},
{
"url": "https://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e"
},
{
"url": "https://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb"
},
{
"url": "https://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d"
},
{
"url": "https://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1"
},
{
"url": "https://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3"
}
],
"title": "hwmon: (coretemp) Fix out-of-bounds memory access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26664",
"datePublished": "2024-04-02T06:22:13.341Z",
"dateReserved": "2024-02-19T14:20:24.148Z",
"dateUpdated": "2025-05-04T12:54:21.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52587 (GCVE-0-2023-52587)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/ipoib: Fix mcast list locking
Releasing the `priv->lock` while iterating the `priv->multicast_list` in
`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to
remove the items while in the middle of iteration. If the mcast is removed
while the lock was dropped, the for loop spins forever resulting in a hard
lockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):
Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)
-----------------------------------+-----------------------------------
ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)
spin_lock_irq(&priv->lock) | __ipoib_ib_dev_flush(priv, ...)
list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv->dev)
&priv->multicast_list, list) |
ipoib_mcast_join(dev, mcast) |
spin_unlock_irq(&priv->lock) |
| spin_lock_irqsave(&priv->lock, flags)
| list_for_each_entry_safe(mcast, tmcast,
| &priv->multicast_list, list)
| list_del(&mcast->list);
| list_add_tail(&mcast->list, &remove_list)
| spin_unlock_irqrestore(&priv->lock, flags)
spin_lock_irq(&priv->lock) |
| ipoib_mcast_remove_list(&remove_list)
(Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,
`priv->multicast_list` and we keep | remove_list, list)
spinning on the `remove_list` of | >>> wait_for_completion(&mcast->done)
the other thread which is blocked |
and the list is still valid on |
it's stack.)
Fix this by keeping the lock held and changing to GFP_ATOMIC to prevent
eventual sleeps.
Unfortunately we could not reproduce the lockup and confirm this fix but
based on the code review I think this fix should address such lockups.
crash> bc 31
PID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: "kworker/u72:2"
--
[exception RIP: ipoib_mcast_join_task+0x1b1]
RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002
RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000
work (&priv->mcast_task{,.work})
RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000
&mcast->list
RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000
R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00
mcast
R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8
dev priv (&priv->lock) &priv->multicast_list (aka head)
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
--- <NMI exception stack> ---
#5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]
#6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967
crash> rx ff646f199a8c7e68
ff646f199a8c7e68: ff1c6a1a04dc82f8 <<< work = &priv->mcast_task.work
crash> list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000
(empty)
crash> ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000
mcast_task.work.func = 0xffffffffc0944910 <ipoib_mcast_join_task>,
mcast_mutex.owner.counter = 0xff1c69998efec000
crash> b 8
PID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: "kworker/u72:0"
--
#3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646
#4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]
#5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]
#6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]
#7 [ff
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T18:50:41.278526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:13.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4c8922ae8eb8dcc1e4b7d1059d97a8334288d825",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "615e3adc2042b7be4ad122a043fc9135e6342c90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ac2630fd3c90ffec34a0bfc4d413668538b0e8f2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ed790bd0903ed3352ebf7f650d910f49b7319b34",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5108a2dc2db5630fb6cd58b8be80a0c134bc310a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "342258fb46d66c1b4c7e2c3717ac01e10c03cf18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7c7bd4d561e9dc6f5b7df9e184974915f6701a89",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4f973e211b3b1c6d36f7c6a19239d258856749f9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/ipoib/ipoib_multicast.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/ipoib: Fix mcast list locking\n\nReleasing the `priv-\u003elock` while iterating the `priv-\u003emulticast_list` in\n`ipoib_mcast_join_task()` opens a window for `ipoib_mcast_dev_flush()` to\nremove the items while in the middle of iteration. If the mcast is removed\nwhile the lock was dropped, the for loop spins forever resulting in a hard\nlockup (as was reported on RHEL 4.18.0-372.75.1.el8_6 kernel):\n\n Task A (kworker/u72:2 below) | Task B (kworker/u72:0 below)\n -----------------------------------+-----------------------------------\n ipoib_mcast_join_task(work) | ipoib_ib_dev_flush_light(work)\n spin_lock_irq(\u0026priv-\u003elock) | __ipoib_ib_dev_flush(priv, ...)\n list_for_each_entry(mcast, | ipoib_mcast_dev_flush(dev = priv-\u003edev)\n \u0026priv-\u003emulticast_list, list) |\n ipoib_mcast_join(dev, mcast) |\n spin_unlock_irq(\u0026priv-\u003elock) |\n | spin_lock_irqsave(\u0026priv-\u003elock, flags)\n | list_for_each_entry_safe(mcast, tmcast,\n | \u0026priv-\u003emulticast_list, list)\n | list_del(\u0026mcast-\u003elist);\n | list_add_tail(\u0026mcast-\u003elist, \u0026remove_list)\n | spin_unlock_irqrestore(\u0026priv-\u003elock, flags)\n spin_lock_irq(\u0026priv-\u003elock) |\n | ipoib_mcast_remove_list(\u0026remove_list)\n (Here, `mcast` is no longer on the | list_for_each_entry_safe(mcast, tmcast,\n `priv-\u003emulticast_list` and we keep | remove_list, list)\n spinning on the `remove_list` of | \u003e\u003e\u003e wait_for_completion(\u0026mcast-\u003edone)\n the other thread which is blocked |\n and the list is still valid on |\n it\u0027s stack.)\n\nFix this by keeping the lock held and changing to GFP_ATOMIC to prevent\neventual sleeps.\nUnfortunately we could not reproduce the lockup and confirm this fix but\nbased on the code review I think this fix should address such lockups.\n\ncrash\u003e bc 31\nPID: 747 TASK: ff1c6a1a007e8000 CPU: 31 COMMAND: \"kworker/u72:2\"\n--\n [exception RIP: ipoib_mcast_join_task+0x1b1]\n RIP: ffffffffc0944ac1 RSP: ff646f199a8c7e00 RFLAGS: 00000002\n RAX: 0000000000000000 RBX: ff1c6a1a04dc82f8 RCX: 0000000000000000\n work (\u0026priv-\u003emcast_task{,.work})\n RDX: ff1c6a192d60ac68 RSI: 0000000000000286 RDI: ff1c6a1a04dc8000\n \u0026mcast-\u003elist\n RBP: ff646f199a8c7e90 R8: ff1c699980019420 R9: ff1c6a1920c9a000\n R10: ff646f199a8c7e00 R11: ff1c6a191a7d9800 R12: ff1c6a192d60ac00\n mcast\n R13: ff1c6a1d82200000 R14: ff1c6a1a04dc8000 R15: ff1c6a1a04dc82d8\n dev priv (\u0026priv-\u003elock) \u0026priv-\u003emulticast_list (aka head)\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n--- \u003cNMI exception stack\u003e ---\n #5 [ff646f199a8c7e00] ipoib_mcast_join_task+0x1b1 at ffffffffc0944ac1 [ib_ipoib]\n #6 [ff646f199a8c7e98] process_one_work+0x1a7 at ffffffff9bf10967\n\ncrash\u003e rx ff646f199a8c7e68\nff646f199a8c7e68: ff1c6a1a04dc82f8 \u003c\u003c\u003c work = \u0026priv-\u003emcast_task.work\n\ncrash\u003e list -hO ipoib_dev_priv.multicast_list ff1c6a1a04dc8000\n(empty)\n\ncrash\u003e ipoib_dev_priv.mcast_task.work.func,mcast_mutex.owner.counter ff1c6a1a04dc8000\n mcast_task.work.func = 0xffffffffc0944910 \u003cipoib_mcast_join_task\u003e,\n mcast_mutex.owner.counter = 0xff1c69998efec000\n\ncrash\u003e b 8\nPID: 8 TASK: ff1c69998efec000 CPU: 33 COMMAND: \"kworker/u72:0\"\n--\n #3 [ff646f1980153d50] wait_for_completion+0x96 at ffffffff9c7d7646\n #4 [ff646f1980153d90] ipoib_mcast_remove_list+0x56 at ffffffffc0944dc6 [ib_ipoib]\n #5 [ff646f1980153de8] ipoib_mcast_dev_flush+0x1a7 at ffffffffc09455a7 [ib_ipoib]\n #6 [ff646f1980153e58] __ipoib_ib_dev_flush+0x1a4 at ffffffffc09431a4 [ib_ipoib]\n #7 [ff\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:17.602Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4c8922ae8eb8dcc1e4b7d1059d97a8334288d825"
},
{
"url": "https://git.kernel.org/stable/c/615e3adc2042b7be4ad122a043fc9135e6342c90"
},
{
"url": "https://git.kernel.org/stable/c/ac2630fd3c90ffec34a0bfc4d413668538b0e8f2"
},
{
"url": "https://git.kernel.org/stable/c/ed790bd0903ed3352ebf7f650d910f49b7319b34"
},
{
"url": "https://git.kernel.org/stable/c/5108a2dc2db5630fb6cd58b8be80a0c134bc310a"
},
{
"url": "https://git.kernel.org/stable/c/342258fb46d66c1b4c7e2c3717ac01e10c03cf18"
},
{
"url": "https://git.kernel.org/stable/c/7c7bd4d561e9dc6f5b7df9e184974915f6701a89"
},
{
"url": "https://git.kernel.org/stable/c/4f973e211b3b1c6d36f7c6a19239d258856749f9"
}
],
"title": "IB/ipoib: Fix mcast list locking",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52587",
"datePublished": "2024-03-06T06:45:21.418Z",
"dateReserved": "2024-03-02T21:55:42.570Z",
"dateUpdated": "2025-05-04T07:39:17.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26615 (GCVE-0-2024-26615)
Vulnerability from cvelistv5
Published
2024-02-29 15:52
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/smc: fix illegal rmb_desc access in SMC-D connection dump
A crash was found when dumping SMC-D connections. It can be reproduced
by following steps:
- run nginx/wrk test:
smc_run nginx
smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL>
- continuously dump SMC-D connections in parallel:
watch -n 1 'smcss -D'
BUG: kernel NULL pointer dereference, address: 0000000000000030
CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55
RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
Call Trace:
<TASK>
? __die+0x24/0x70
? page_fault_oops+0x66/0x150
? exc_page_fault+0x69/0x140
? asm_exc_page_fault+0x26/0x30
? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]
? __kmalloc_node_track_caller+0x35d/0x430
? __alloc_skb+0x77/0x170
smc_diag_dump_proto+0xd0/0xf0 [smc_diag]
smc_diag_dump+0x26/0x60 [smc_diag]
netlink_dump+0x19f/0x320
__netlink_dump_start+0x1dc/0x300
smc_diag_handler_dump+0x6a/0x80 [smc_diag]
? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]
sock_diag_rcv_msg+0x121/0x140
? __pfx_sock_diag_rcv_msg+0x10/0x10
netlink_rcv_skb+0x5a/0x110
sock_diag_rcv+0x28/0x40
netlink_unicast+0x22a/0x330
netlink_sendmsg+0x1f8/0x420
__sock_sendmsg+0xb0/0xc0
____sys_sendmsg+0x24e/0x300
? copy_msghdr_from_user+0x62/0x80
___sys_sendmsg+0x7c/0xd0
? __do_fault+0x34/0x160
? do_read_fault+0x5f/0x100
? do_fault+0xb0/0x110
? __handle_mm_fault+0x2b0/0x6c0
__sys_sendmsg+0x4d/0x80
do_syscall_64+0x69/0x180
entry_SYSCALL_64_after_hwframe+0x6e/0x76
It is possible that the connection is in process of being established
when we dump it. Assumed that the connection has been registered in a
link group by smc_conn_create() but the rmb_desc has not yet been
initialized by smc_buf_create(), thus causing the illegal access to
conn->rmb_desc. So fix it by checking before dump.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d Version: 4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:57:17.586367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "27aea64838914c6122db5b8bd4bed865c9736f22",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "1fea9969b81c67d0cb1611d1b8b7d19049d937be",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "68b888d51ac82f2b96bf5e077a31d76afcdef25a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "6994dba06321e3c48fdad0ba796a063d9d82183a",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "a164c2922675d7051805cdaf2b07daffe44f20d9",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "8f3f9186e5bb96a9c9654c41653210e3ea7e48a6",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
},
{
"lessThan": "dbc153fd3c142909e564bb256da087e13fbf239c",
"status": "affected",
"version": "4b1b7d3b30a6d32ac1a1dcede284e76ef8a8542d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_diag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d \u003cduration\u003e -H \u0027Connection: Close\u0027 \u003cURL\u003e\n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 \u0027smcss -D\u0027\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn-\u003ermb_desc. So fix it by checking before dump."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:21.717Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22"
},
{
"url": "https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be"
},
{
"url": "https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d"
},
{
"url": "https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a"
},
{
"url": "https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a"
},
{
"url": "https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9"
},
{
"url": "https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6"
},
{
"url": "https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c"
}
],
"title": "net/smc: fix illegal rmb_desc access in SMC-D connection dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26615",
"datePublished": "2024-02-29T15:52:18.843Z",
"dateReserved": "2024-02-19T14:20:24.131Z",
"dateUpdated": "2025-05-04T08:52:21.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52509 (GCVE-0-2023-52509)
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
The ravb_stop() should call cancel_work_sync(). Otherwise,
ravb_tx_timeout_work() is possible to use the freed priv after
ravb_remove() was called like below:
CPU0 CPU1
ravb_tx_timeout()
ravb_remove()
unregister_netdev()
free_netdev(ndev)
// free priv
ravb_tx_timeout_work()
// use priv
unregister_netdev() will call .ndo_stop() so that ravb_stop() is
called. And, after phy_stop() is called, netif_carrier_off()
is also called. So that .ndo_tx_timeout() will not be called
after phy_stop().
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: c156633f1353264634135dea86ffcae74f2122fc Version: c156633f1353264634135dea86ffcae74f2122fc Version: c156633f1353264634135dea86ffcae74f2122fc Version: c156633f1353264634135dea86ffcae74f2122fc Version: c156633f1353264634135dea86ffcae74f2122fc Version: c156633f1353264634135dea86ffcae74f2122fc |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T20:38:43.674426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:38:50.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "65d34cfd4e347054eb4193bc95d9da7eaa72dee5",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
},
{
"lessThan": "db9aafa19547833240f58c2998aed7baf414dc82",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
},
{
"lessThan": "616761cf9df9af838c0a1a1232a69322a9eb67e6",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
},
{
"lessThan": "6f6fa8061f756aedb93af12a8a5d3cf659127965",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
},
{
"lessThan": "105abd68ad8f781985113aee2e92e0702b133705",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
},
{
"lessThan": "3971442870713de527684398416970cf025b4f89",
"status": "affected",
"version": "c156633f1353264634135dea86ffcae74f2122fc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/renesas/ravb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nravb: Fix use-after-free issue in ravb_tx_timeout_work()\n\nThe ravb_stop() should call cancel_work_sync(). Otherwise,\nravb_tx_timeout_work() is possible to use the freed priv after\nravb_remove() was called like below:\n\nCPU0\t\t\tCPU1\n\t\t\travb_tx_timeout()\nravb_remove()\nunregister_netdev()\nfree_netdev(ndev)\n// free priv\n\t\t\travb_tx_timeout_work()\n\t\t\t// use priv\n\nunregister_netdev() will call .ndo_stop() so that ravb_stop() is\ncalled. And, after phy_stop() is called, netif_carrier_off()\nis also called. So that .ndo_tx_timeout() will not be called\nafter phy_stop()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:16.664Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5"
},
{
"url": "https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82"
},
{
"url": "https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6"
},
{
"url": "https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965"
},
{
"url": "https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705"
},
{
"url": "https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89"
}
],
"title": "ravb: Fix use-after-free issue in ravb_tx_timeout_work()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52509",
"datePublished": "2024-03-02T21:52:22.006Z",
"dateReserved": "2024-02-20T12:30:33.315Z",
"dateUpdated": "2025-05-04T07:38:16.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52817 (GCVE-0-2023-52817)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:
1. Navigate to the directory: /sys/kernel/debug/dri/0
2. Execute command: cat amdgpu_regs_smc
3. Exception Log::
[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000
[4005007.702562] #PF: supervisor instruction fetch in kernel mode
[4005007.702567] #PF: error_code(0x0010) - not-present page
[4005007.702570] PGD 0 P4D 0
[4005007.702576] Oops: 0010 [#1] SMP NOPTI
[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u
[4005007.702590] RIP: 0010:0x0
[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206
[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68
[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000
[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980
[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000
[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000
[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000
[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0
[4005007.702633] Call Trace:
[4005007.702636] <TASK>
[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]
[4005007.703002] full_proxy_read+0x5c/0x80
[4005007.703011] vfs_read+0x9f/0x1a0
[4005007.703019] ksys_read+0x67/0xe0
[4005007.703023] __x64_sys_read+0x19/0x20
[4005007.703028] do_syscall_64+0x5c/0xc0
[4005007.703034] ? do_user_addr_fault+0x1e3/0x670
[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0
[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20
[4005007.703052] ? irqentry_exit+0x19/0x30
[4005007.703057] ? exc_page_fault+0x89/0x160
[4005007.703062] ? asm_exc_page_fault+0x8/0x30
[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae
[4005007.703075] RIP: 0033:0x7f5e07672992
[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24
[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992
[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003
[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010
[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000
[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000
[4005007.703105] </TASK>
[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca
[4005007.703184] CR2: 0000000000000000
[4005007.703188] ---[ en
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T14:18:47.738827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T14:19:04.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bf2d51eedf03bd61e3556e35d74d49e2e6112398",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "437e0fa907ba39b4d7eda863c03ea9cf48bd93a9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f475d5502f33a6c5b149b0afe96316ad1962a64a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "174f62a0aa15c211e60208b41ee9e7cdfb73d455",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c1b3d89a2dda79881726bb6e37af19c0936d736",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "820daf9ffe2b0afb804567b10983fb38bc5ae288",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ba3c0796d292de84f2932cc5bbb0f771fc720996",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5104fdf50d326db2c1a994f8b35dcd46e63ae4ad",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL\n\nIn certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:\n\n1. Navigate to the directory: /sys/kernel/debug/dri/0\n2. Execute command: cat amdgpu_regs_smc\n3. Exception Log::\n[4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[4005007.702562] #PF: supervisor instruction fetch in kernel mode\n[4005007.702567] #PF: error_code(0x0010) - not-present page\n[4005007.702570] PGD 0 P4D 0\n[4005007.702576] Oops: 0010 [#1] SMP NOPTI\n[4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u\n[4005007.702590] RIP: 0010:0x0\n[4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n[4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206\n[4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68\n[4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000\n[4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980\n[4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000\n[4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000\n[4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000\n[4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0\n[4005007.702633] Call Trace:\n[4005007.702636] \u003cTASK\u003e\n[4005007.702640] amdgpu_debugfs_regs_smc_read+0xb0/0x120 [amdgpu]\n[4005007.703002] full_proxy_read+0x5c/0x80\n[4005007.703011] vfs_read+0x9f/0x1a0\n[4005007.703019] ksys_read+0x67/0xe0\n[4005007.703023] __x64_sys_read+0x19/0x20\n[4005007.703028] do_syscall_64+0x5c/0xc0\n[4005007.703034] ? do_user_addr_fault+0x1e3/0x670\n[4005007.703040] ? exit_to_user_mode_prepare+0x37/0xb0\n[4005007.703047] ? irqentry_exit_to_user_mode+0x9/0x20\n[4005007.703052] ? irqentry_exit+0x19/0x30\n[4005007.703057] ? exc_page_fault+0x89/0x160\n[4005007.703062] ? asm_exc_page_fault+0x8/0x30\n[4005007.703068] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[4005007.703075] RIP: 0033:0x7f5e07672992\n[4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24\n[4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIG_RAX: 0000000000000000\n[4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992\n[4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003\n[4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010\n[4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000\n[4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000\n[4005007.703105] \u003c/TASK\u003e\n[4005007.703107] Modules linked in: nf_tables libcrc32c nfnetlink algif_hash af_alg binfmt_misc nls_ iso8859_1 ipmi_ssif ast intel_rapl_msr intel_rapl_common drm_vram_helper drm_ttm_helper amd64_edac t tm edac_mce_amd kvm_amd ccp mac_hid k10temp kvm acpi_ipmi ipmi_si rapl sch_fq_codel ipmi_devintf ipm i_msghandler msr parport_pc ppdev lp parport mtd pstore_blk efi_pstore ramoops pstore_zone reed_solo mon ip_tables x_tables autofs4 ib_uverbs ib_core amdgpu(OE) amddrm_ttm_helper(OE) amdttm(OE) iommu_v 2 amd_sched(OE) amdkcl(OE) drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec rc_core drm igb ahci xhci_pci libahci i2c_piix4 i2c_algo_bit xhci_pci_renesas dca\n[4005007.703184] CR2: 0000000000000000\n[4005007.703188] ---[ en\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:45.225Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bf2d51eedf03bd61e3556e35d74d49e2e6112398"
},
{
"url": "https://git.kernel.org/stable/c/437e0fa907ba39b4d7eda863c03ea9cf48bd93a9"
},
{
"url": "https://git.kernel.org/stable/c/f475d5502f33a6c5b149b0afe96316ad1962a64a"
},
{
"url": "https://git.kernel.org/stable/c/174f62a0aa15c211e60208b41ee9e7cdfb73d455"
},
{
"url": "https://git.kernel.org/stable/c/6c1b3d89a2dda79881726bb6e37af19c0936d736"
},
{
"url": "https://git.kernel.org/stable/c/820daf9ffe2b0afb804567b10983fb38bc5ae288"
},
{
"url": "https://git.kernel.org/stable/c/ba3c0796d292de84f2932cc5bbb0f771fc720996"
},
{
"url": "https://git.kernel.org/stable/c/5104fdf50d326db2c1a994f8b35dcd46e63ae4ad"
}
],
"title": "drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52817",
"datePublished": "2024-05-21T15:31:24.225Z",
"dateReserved": "2024-05-21T15:19:24.249Z",
"dateUpdated": "2025-05-04T07:43:45.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0193 (GCVE-0-2024-0193)
Vulnerability from cvelistv5
Published
2024-01-02 18:05
Modified
2025-08-01 18:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T13:17:27.203202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T13:17:46.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:1018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1018"
},
{
"name": "RHSA-2024:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1019"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:4412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4412"
},
{
"name": "RHSA-2024:4415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4415"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0193"
},
{
"name": "RHBZ#2255653",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.kernel.org/pub/scm/linux/kernel",
"defaultStatus": "affected",
"packageName": "kernel"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos",
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.105.1.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::nfv",
"cpe:/a:redhat:rhel_e4s:9.0::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-70.105.1.rt21.177.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.55.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.55.1.rt14.340.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T18:10:49.890Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:1018",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1018"
},
{
"name": "RHSA-2024:1019",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1019"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"name": "RHSA-2024:4412",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4412"
},
{
"name": "RHSA-2024:4415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:4415"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0193"
},
{
"name": "RHBZ#2255653",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-22T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "In order to trigger the issue, it requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled."
}
],
"x_redhatCweChain": "CWE-416: Use After Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0193",
"datePublished": "2024-01-02T18:05:13.332Z",
"dateReserved": "2024-01-02T10:58:11.805Z",
"dateUpdated": "2025-08-01T18:10:49.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52867 (GCVE-0-2023-52867)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: possible buffer overflow
Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is
checked after access.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 Version: 5cc4e5fc293bfe2634535f544427e8c6061492a5 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:50:12.334865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:41.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/evergreen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "112d4b02d94bf9fa4f1d3376587878400dd74783",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "caaa74541459c4c9e2c10046cf66ad2890483d0f",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "ddc42881f170f1f518496f5a70447501335fc783",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "7b063c93bece827fde237fae1c101bceeee4e896",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "347f025a02b3a5d715a0b471fc3b1439c338ad94",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "341e79f8aec6af6b0061b8171d77b085835c6a58",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "d9b4fa249deaae1145d6fc2b64dae718e5c7a855",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "19534a7a225f1bf2da70a9a90d41d0215f8f6b45",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
},
{
"lessThan": "dd05484f99d16715a88eedfca363828ef9a4c2d4",
"status": "affected",
"version": "5cc4e5fc293bfe2634535f544427e8c6061492a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/evergreen.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.13"
},
{
"lessThan": "4.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: possible buffer overflow\n\nBuffer \u0027afmt_status\u0027 of size 6 could overflow, since index \u0027afmt_idx\u0027 is\nchecked after access."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:37.299Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/112d4b02d94bf9fa4f1d3376587878400dd74783"
},
{
"url": "https://git.kernel.org/stable/c/caaa74541459c4c9e2c10046cf66ad2890483d0f"
},
{
"url": "https://git.kernel.org/stable/c/ddc42881f170f1f518496f5a70447501335fc783"
},
{
"url": "https://git.kernel.org/stable/c/7b063c93bece827fde237fae1c101bceeee4e896"
},
{
"url": "https://git.kernel.org/stable/c/347f025a02b3a5d715a0b471fc3b1439c338ad94"
},
{
"url": "https://git.kernel.org/stable/c/341e79f8aec6af6b0061b8171d77b085835c6a58"
},
{
"url": "https://git.kernel.org/stable/c/d9b4fa249deaae1145d6fc2b64dae718e5c7a855"
},
{
"url": "https://git.kernel.org/stable/c/19534a7a225f1bf2da70a9a90d41d0215f8f6b45"
},
{
"url": "https://git.kernel.org/stable/c/dd05484f99d16715a88eedfca363828ef9a4c2d4"
}
],
"title": "drm/radeon: possible buffer overflow",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52867",
"datePublished": "2024-05-21T15:31:57.866Z",
"dateReserved": "2024-05-21T15:19:24.262Z",
"dateUpdated": "2025-05-04T07:44:37.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52832 (GCVE-0-2023-52832)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
We can get a UBSAN warning if ieee80211_get_tx_power() returns the
INT_MIN value mac80211 internally uses for "unset power level".
UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5
-2147483648 * 100 cannot be represented in type 'int'
CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE
Call Trace:
dump_stack+0x74/0x92
ubsan_epilogue+0x9/0x50
handle_overflow+0x8d/0xd0
__ubsan_handle_mul_overflow+0xe/0x10
nl80211_send_iface+0x688/0x6b0 [cfg80211]
[...]
cfg80211_register_wdev+0x78/0xb0 [cfg80211]
cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]
[...]
ieee80211_if_add+0x60e/0x8f0 [mac80211]
ieee80211_register_hw+0xda5/0x1170 [mac80211]
In this case, simply return an error instead, to indicate
that no data is available.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "1da177e4c3f4"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.14.331"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "4.19.300"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.4.262"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.202"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.140"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.64"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.5.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.3"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52832",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T19:51:54.630981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-920",
"description": "CWE-920 Improper Restriction of Power Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:53:19.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1571120c44dbe5757aee1612c5b6097cdc42710f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "298e767362cade639b7121ecb3cc5345b6529f62",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "efeae5f4972f75d50002bc50eb112ab9e7069b18",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "717de20abdcd1d4993fa450e28b8086a352620ea",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "21a0f310a9f3bfd2b4cf4f382430e638607db846",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2be24c47ac19bf639c48c082486c08888bd603c6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "adc2474d823fe81d8da759207f4f1d3691aa775a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5a94cffe90e20e8fade0b9abd4370bd671fe87c7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e160ab85166e77347d0cbe5149045cb25e83937f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mac80211/cfg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: don\u0027t return unset power in ieee80211_get_tx_power()\n\nWe can get a UBSAN warning if ieee80211_get_tx_power() returns the\nINT_MIN value mac80211 internally uses for \"unset power level\".\n\n UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5\n -2147483648 * 100 cannot be represented in type \u0027int\u0027\n CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE\n Call Trace:\n dump_stack+0x74/0x92\n ubsan_epilogue+0x9/0x50\n handle_overflow+0x8d/0xd0\n __ubsan_handle_mul_overflow+0xe/0x10\n nl80211_send_iface+0x688/0x6b0 [cfg80211]\n [...]\n cfg80211_register_wdev+0x78/0xb0 [cfg80211]\n cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211]\n [...]\n ieee80211_if_add+0x60e/0x8f0 [mac80211]\n ieee80211_register_hw+0xda5/0x1170 [mac80211]\n\nIn this case, simply return an error instead, to indicate\nthat no data is available."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:56.728Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f"
},
{
"url": "https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62"
},
{
"url": "https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18"
},
{
"url": "https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea"
},
{
"url": "https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846"
},
{
"url": "https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6"
},
{
"url": "https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a"
},
{
"url": "https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7"
},
{
"url": "https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f"
}
],
"title": "wifi: mac80211: don\u0027t return unset power in ieee80211_get_tx_power()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52832",
"datePublished": "2024-05-21T15:31:34.247Z",
"dateReserved": "2024-05-21T15:19:24.252Z",
"dateUpdated": "2025-05-04T07:43:56.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5678 (GCVE-0-2023-5678)
Vulnerability from cvelistv5
Published
2023-11-06 15:47
Modified
2024-10-14 14:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-606 - Unchecked Input for Loop Condition
Summary
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() doesn't make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.
Likewise, while DH_generate_key() performs a check for an excessively large
P, it doesn't check for an excessively large Q.
An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.
DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20231106.txt"
},
{
"name": "1.0.2zj git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
},
{
"name": "1.1.1x git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
},
{
"name": "3.0.13 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
},
{
"name": "3.1.5 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "1.0.2zj",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
},
{
"lessThan": "1.1.1x",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "3.0.13",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "3.1.5",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Richard Levitte"
}
],
"datePublic": "2023-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Generating excessively long X9.42 DH keys or checking\u003cbr\u003eexcessively long X9.42 DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_generate_key() to\u003cbr\u003egenerate an X9.42 DH key may experience long delays. Likewise, applications\u003cbr\u003ethat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\u003cbr\u003eto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\u003cbr\u003eWhere the key or parameters that are being checked have been obtained from\u003cbr\u003ean untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\u003cbr\u003eDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\u003cbr\u003evulnerable for excessively large P and Q parameters.\u003cbr\u003e\u003cbr\u003eLikewise, while DH_generate_key() performs a check for an excessively large\u003cbr\u003eP, it doesn\u0027t check for an excessively large Q.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_generate_key() or DH_check_pub_key() and\u003cbr\u003esupplies a key or parameters obtained from an untrusted source could be\u003cbr\u003evulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eDH_generate_key() and DH_check_pub_key() are also called by a number of\u003cbr\u003eother OpenSSL functions. An application calling any of those other\u003cbr\u003efunctions may similarly be affected. The other functions affected by this\u003cbr\u003eare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL pkey command line application when using the\u003cbr\u003e\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn\u0027t make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn\u0027t check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "LOW"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "CWE-606 Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T14:55:53.778Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20231106.txt"
},
{
"name": "1.0.2zj git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
},
{
"name": "1.1.1x git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
},
{
"name": "3.0.13 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
},
{
"name": "3.1.5 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Excessive time spent in DH check / generation with large Q parameter value",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-5678",
"datePublished": "2023-11-06T15:47:30.795Z",
"dateReserved": "2023-10-20T09:38:43.518Z",
"dateUpdated": "2024-10-14T14:55:53.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52510 (GCVE-0-2023-52510)
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ieee802154: ca8210: Fix a potential UAF in ca8210_probe
If of_clk_add_provider() fails in ca8210_register_ext_clock(),
it calls clk_unregister() to release priv->clk and returns an
error. However, the caller ca8210_probe() then calls ca8210_remove(),
where priv->clk is freed again in ca8210_unregister_ext_clock(). In
this case, a use-after-free may happen in the second time we call
clk_unregister().
Fix this by removing the first clk_unregister(). Also, priv->clk could
be an error code on failure of clk_register_fixed_rate(). Use
IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 Version: ded845a781a578dfb0b5b2c138e5a067aa3b1242 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-04T19:37:23.493520Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:32.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ieee802154/ca8210.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "28b68cba378e3e50a4082b65f262bc4f2c7c2add",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "85c2857ef90041f567ce98722c1c342c4d31f4bc",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "55e06850c7894f00d41b767c5f5665459f83f58f",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "84c6aa0ae5c4dc121f9996bb8fed46c80909d80e",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "217efe32a45249eb07dcd7197e8403de98345e66",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "becf5c147198f4345243c5df0c4f035415491640",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
},
{
"lessThan": "f990874b1c98fe8e57ee9385669f501822979258",
"status": "affected",
"version": "ded845a781a578dfb0b5b2c138e5a067aa3b1242",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ieee802154/ca8210.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nieee802154: ca8210: Fix a potential UAF in ca8210_probe\n\nIf of_clk_add_provider() fails in ca8210_register_ext_clock(),\nit calls clk_unregister() to release priv-\u003eclk and returns an\nerror. However, the caller ca8210_probe() then calls ca8210_remove(),\nwhere priv-\u003eclk is freed again in ca8210_unregister_ext_clock(). In\nthis case, a use-after-free may happen in the second time we call\nclk_unregister().\n\nFix this by removing the first clk_unregister(). Also, priv-\u003eclk could\nbe an error code on failure of clk_register_fixed_rate(). Use\nIS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:17.788Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add"
},
{
"url": "https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d"
},
{
"url": "https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc"
},
{
"url": "https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f"
},
{
"url": "https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e"
},
{
"url": "https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66"
},
{
"url": "https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f035415491640"
},
{
"url": "https://git.kernel.org/stable/c/f990874b1c98fe8e57ee9385669f501822979258"
}
],
"title": "ieee802154: ca8210: Fix a potential UAF in ca8210_probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52510",
"datePublished": "2024-03-02T21:52:22.645Z",
"dateReserved": "2024-02-20T12:30:33.315Z",
"dateUpdated": "2025-05-04T07:38:17.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26671 (GCVE-0-2024-26671)
Vulnerability from cvelistv5
Published
2024-04-02 06:49
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix IO hang from sbitmap wakeup race
In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered
with the following blk_mq_get_driver_tag() in case of getting driver
tag failure.
Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe
the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime
blk_mq_mark_tag_wait() can't get driver tag successfully.
This issue can be reproduced by running the following test in loop, and
fio hang can be observed in < 30min when running it on my test VM
in laptop.
modprobe -r scsi_debug
modprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4
dev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`
fio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \
--runtime=100 --numjobs=40 --time_based --name=test \
--ioengine=libaio
Fix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which
is just fine in case of running out of tag.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:32.693372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:37.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9525b38180e2753f0daa1a522b7767a2aa969676",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7610ba1319253225a9ba8a9d28d472fc883b4e2f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "89e0e66682e1538aeeaa3109503473663cd24c8b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d9c777d3e70bdc57dddf7a14a80059d65919e56",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d8b01624a2540336a32be91f25187a433af53a0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f1bc0d8163f8ee84a8d5affdf624cfad657df1d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5266caaf5660529e3da53004b8b7174cab6374ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can\u0027t get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in \u003c 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/\"$dev\" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:36.352Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676"
},
{
"url": "https://git.kernel.org/stable/c/ecd7744a1446eb02ccc63e493e2eb6ede4ef1e10"
},
{
"url": "https://git.kernel.org/stable/c/7610ba1319253225a9ba8a9d28d472fc883b4e2f"
},
{
"url": "https://git.kernel.org/stable/c/89e0e66682e1538aeeaa3109503473663cd24c8b"
},
{
"url": "https://git.kernel.org/stable/c/1d9c777d3e70bdc57dddf7a14a80059d65919e56"
},
{
"url": "https://git.kernel.org/stable/c/6d8b01624a2540336a32be91f25187a433af53a0"
},
{
"url": "https://git.kernel.org/stable/c/f1bc0d8163f8ee84a8d5affdf624cfad657df1d2"
},
{
"url": "https://git.kernel.org/stable/c/5266caaf5660529e3da53004b8b7174cab6374ed"
}
],
"title": "blk-mq: fix IO hang from sbitmap wakeup race",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26671",
"datePublished": "2024-04-02T06:49:13.834Z",
"dateReserved": "2024-02-19T14:20:24.150Z",
"dateUpdated": "2025-05-04T08:53:36.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52477 (GCVE-0-2023-52477)
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: hub: Guard against accesses to uninitialized BOS descriptors
Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h
access fields inside udev->bos without checking if it was allocated and
initialized. If usb_get_bos_descriptor() fails for whatever
reason, udev->bos will be NULL and those accesses will result in a
crash:
BUG: kernel NULL pointer dereference, address: 0000000000000018
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1>
Hardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021
Workqueue: usb_hub_wq hub_event
RIP: 0010:hub_port_reset+0x193/0x788
Code: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9
RSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310
RDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840
RBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0
Call Trace:
hub_event+0x73f/0x156e
? hub_activate+0x5b7/0x68f
process_one_work+0x1a2/0x487
worker_thread+0x11a/0x288
kthread+0x13a/0x152
? process_one_work+0x487/0x487
? kthread_associate_blkcg+0x70/0x70
ret_from_fork+0x1f/0x30
Fall back to a default behavior if the BOS descriptor isn't accessible
and skip all the functionalities that depend on it: LPM support checks,
Super Speed capabilitiy checks, U1/U2 states setup.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:17:48.164174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:00.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e7346bfea56453e31b7421c1c17ca2fb9ed613d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ad3e9fd3632106696692232bf7ff88b9f7e1bc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/241f230324337ed5eae3846a554fb6d15169872c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb9895ab9533534335fa83d70344b397ac862c81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/136f69a04e71ba3458d137aec3bb2ce1232c0289"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f74a7afc224acd5e922c7a2e52244d891bbe44ee"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/hub.c",
"drivers/usb/core/hub.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c64e4dca9aefd232b17ac4c779b608b286654e81",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8e7346bfea56453e31b7421c1c17ca2fb9ed613d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6ad3e9fd3632106696692232bf7ff88b9f7e1bc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "241f230324337ed5eae3846a554fb6d15169872c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fb9895ab9533534335fa83d70344b397ac862c81",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "136f69a04e71ba3458d137aec3bb2ce1232c0289",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f74a7afc224acd5e922c7a2e52244d891bbe44ee",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/hub.c",
"drivers/usb/core/hub.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: hub: Guard against accesses to uninitialized BOS descriptors\n\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev-\u003ebos without checking if it was allocated and\ninitialized. If usb_get_bos_descriptor() fails for whatever\nreason, udev-\u003ebos will be NULL and those accesses will result in a\ncrash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 \u003cHASH:1f9e 1\u003e\nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 \u003c48\u003e 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\n\nFall back to a default behavior if the BOS descriptor isn\u0027t accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:31.719Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c64e4dca9aefd232b17ac4c779b608b286654e81"
},
{
"url": "https://git.kernel.org/stable/c/8e7346bfea56453e31b7421c1c17ca2fb9ed613d"
},
{
"url": "https://git.kernel.org/stable/c/6ad3e9fd3632106696692232bf7ff88b9f7e1bc3"
},
{
"url": "https://git.kernel.org/stable/c/241f230324337ed5eae3846a554fb6d15169872c"
},
{
"url": "https://git.kernel.org/stable/c/528f0ba9f7a4bc1b61c9b6eb591ff97ca37cac6b"
},
{
"url": "https://git.kernel.org/stable/c/fb9895ab9533534335fa83d70344b397ac862c81"
},
{
"url": "https://git.kernel.org/stable/c/136f69a04e71ba3458d137aec3bb2ce1232c0289"
},
{
"url": "https://git.kernel.org/stable/c/f74a7afc224acd5e922c7a2e52244d891bbe44ee"
}
],
"title": "usb: hub: Guard against accesses to uninitialized BOS descriptors",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52477",
"datePublished": "2024-02-29T05:43:10.088Z",
"dateReserved": "2024-02-20T12:30:33.298Z",
"dateUpdated": "2025-05-04T07:37:31.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26766 (GCVE-0-2024-26766)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
Unfortunately the commit `fd8958efe877` introduced another error
causing the `descs` array to overflow. This reults in further crashes
easily reproducible by `sendmsg` system call.
[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI
[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]
--
[ 1080.974535] Call Trace:
[ 1080.976990] <TASK>
[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]
[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]
[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]
[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]
[ 1081.046978] dev_hard_start_xmit+0xc4/0x210
--
[ 1081.148347] __sys_sendmsg+0x59/0xa0
crash> ipoib_txreq 0xffff9cfeba229f00
struct ipoib_txreq {
txreq = {
list = {
next = 0xffff9cfeba229f00,
prev = 0xffff9cfeba229f00
},
descp = 0xffff9cfeba229f40,
coalesce_buf = 0x0,
wait = 0xffff9cfea4e69a48,
complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>,
packet_len = 0x46d,
tlen = 0x0,
num_desc = 0x0,
desc_limit = 0x6,
next_descq_idx = 0x45c,
coalesce_idx = 0x0,
flags = 0x0,
descs = {{
qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)
}, {
qw = { 0x3800014231b108, 0x4}
}, {
qw = { 0x310000e4ee0fcf0, 0x8}
}, {
qw = { 0x3000012e9f8000, 0x8}
}, {
qw = { 0x59000dfb9d0000, 0x8}
}, {
qw = { 0x78000e02e40000, 0x8}
}}
},
sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure
sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)
complete = 0x0,
priv = 0x0,
txq = 0xffff9cfea4e69880,
skb = 0xffff9d099809f400
}
If an SDMA send consists of exactly 6 descriptors and requires dword
padding (in the 7th descriptor), the sdma_txreq descriptor array is not
properly expanded and the packet will overflow into the container
structure. This results in a panic when the send completion runs. The
exact panic varies depending on what elements of the container structure
get corrupted. The fix is to use the correct expression in
_pad_sdma_tx_descs() to test the need to expand the descriptor array.
With this patch the crashes are no longer reproducible and the machine is
stable.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: d1c1ee052d25ca23735eea912f843bc7834781b4 Version: 40ac5cb6cbb01afa40881f78b4d2f559fb7065c4 Version: 6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179 Version: bd57756a7e43c7127d0eca1fc5868e705fd0f7ba Version: eeaf35f4e3b360162081de5e744cf32d6d1b0091 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: fd8958efe8779d3db19c9124fce593ce681ac709 Version: 0ef9594936d1f078e8599a1cf683b052df2bec00 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26766",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T18:11:09.801717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:44.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "115b7f3bc1dce590a6851a2dcf23dc1100c49790",
"status": "affected",
"version": "d1c1ee052d25ca23735eea912f843bc7834781b4",
"versionType": "git"
},
{
"lessThan": "5833024a9856f454a964a198c63a57e59e07baf5",
"status": "affected",
"version": "40ac5cb6cbb01afa40881f78b4d2f559fb7065c4",
"versionType": "git"
},
{
"lessThan": "3f38d22e645e2e994979426ea5a35186102ff3c2",
"status": "affected",
"version": "6cf8f3d690bb5ad31ef0f41a6206ecf5a068d179",
"versionType": "git"
},
{
"lessThan": "47ae64df23ed1318e27bd9844e135a5e1c0e6e39",
"status": "affected",
"version": "bd57756a7e43c7127d0eca1fc5868e705fd0f7ba",
"versionType": "git"
},
{
"lessThan": "52dc9a7a573dbf778625a0efca0fca55489f084b",
"status": "affected",
"version": "eeaf35f4e3b360162081de5e744cf32d6d1b0091",
"versionType": "git"
},
{
"lessThan": "a2fef1d81becf4ff60e1a249477464eae3c3bc2a",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "9034a1bec35e9f725315a3bb6002ef39666114d9",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"lessThan": "e6f57c6881916df39db7d95981a8ad2b9c3458d6",
"status": "affected",
"version": "fd8958efe8779d3db19c9124fce593ce681ac709",
"versionType": "git"
},
{
"status": "affected",
"version": "0ef9594936d1f078e8599a1cf683b052df2bec00",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/hfi1/sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.15.99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \u003cTASK\u003e\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, \u003c\u003c\u003c invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:42.053Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790"
},
{
"url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5"
},
{
"url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2"
},
{
"url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39"
},
{
"url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b"
},
{
"url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a"
},
{
"url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9"
},
{
"url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6"
}
],
"title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26766",
"datePublished": "2024-04-03T17:00:48.642Z",
"dateReserved": "2024-02-19T14:20:24.173Z",
"dateUpdated": "2025-05-04T12:54:42.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44879 (GCVE-0-2021-44879)
Vulnerability from cvelistv5
Published
2022-02-13 00:00
Modified
2024-08-04 04:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=215231"
},
{
"tags": [
"x_transferred"
],
"url": "https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T21:06:29.625692",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=215231"
},
{
"url": "https://lore.kernel.org/linux-f2fs-devel/20211206144421.3735-3-chao%40kernel.org/T/"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9056d6489f5a41cfbb67f719d2c0ce61ead72d9f"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44879",
"datePublished": "2022-02-13T00:00:00",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-04T04:32:13.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52843 (GCVE-0-2023-52843)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: verify mac len before reading mac header
LLC reads the mac header with eth_hdr without verifying that the skb
has an Ethernet header.
Syzbot was able to enter llc_rcv on a tun device. Tun can insert
packets without mac len and with user configurable skb->protocol
(passing a tun_pi header when not configuring IFF_NO_PI).
BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]
llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111
llc_rcv+0xc5d/0x14a0 net/llc/llc_input.c:218
__netif_receive_skb_one_core net/core/dev.c:5523 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637
netif_receive_skb_internal net/core/dev.c:5723 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5782
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x54c5/0x69c0 drivers/net/tun.c:2002
Add a mac_len test before all three eth_hdr(skb) calls under net/llc.
There are further uses in include/net/llc_pdu.h. All these are
protected by a test skb->protocol == ETH_P_802_2. Which does not
protect against this tun scenario.
But the mac_len test added in this patch in llc_fixup_skb will
indirectly protect those too. That is called from llc_rcv before any
other LLC code.
It is tempting to just add a blanket mac_len check in llc_rcv, but
not sure whether that could break valid LLC paths that do not assume
an Ethernet header. 802.2 LLC may be used on top of non-802.3
protocols in principle. The below referenced commit shows that used
to, on top of Token Ring.
At least one of the three eth_hdr uses goes back to before the start
of git history. But the one that syzbot exercises is introduced in
this commit. That commit is old enough (2008), that effectively all
stable kernels should receive this.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 Version: f83f1768f833cb45bc93429fdc552252a4f55ac3 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T18:03:39.566045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T18:04:29.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/llc_input.c",
"net/llc/llc_s_ac.c",
"net/llc/llc_station.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "900a4418e3f66a32db6baaf23f92b99c20ae6535",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "9a3f9054a5227d7567cba1fb821df48ccecad10c",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "cbdcdf42d15dac74c7287679fb2a9d955f8feb1f",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "3a2653828ffc6101aef80bf58d5b77484239f779",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "352887b3edd007cf9b0abc30fe9d98622acd859b",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "f980e9a57dfb9530f1f4ee41a2420f2a256d7b29",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "0a720d0259ad3521ec6c9e4199f9f6fc75bac77a",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
},
{
"lessThan": "7b3ba18703a63f6fd487183b9262b08e5632da1b",
"status": "affected",
"version": "f83f1768f833cb45bc93429fdc552252a4f55ac3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/llc_input.c",
"net/llc/llc_s_ac.c",
"net/llc/llc_station.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: verify mac len before reading mac header\n\nLLC reads the mac header with eth_hdr without verifying that the skb\nhas an Ethernet header.\n\nSyzbot was able to enter llc_rcv on a tun device. Tun can insert\npackets without mac len and with user configurable skb-\u003eprotocol\n(passing a tun_pi header when not configuring IFF_NO_PI).\n\n BUG: KMSAN: uninit-value in llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]\n BUG: KMSAN: uninit-value in llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111\n llc_station_ac_send_test_r net/llc/llc_station.c:81 [inline]\n llc_station_rcv+0x6fb/0x1290 net/llc/llc_station.c:111\n llc_rcv+0xc5d/0x14a0 net/llc/llc_input.c:218\n __netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\n netif_receive_skb_internal net/core/dev.c:5723 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5782\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x54c5/0x69c0 drivers/net/tun.c:2002\n\nAdd a mac_len test before all three eth_hdr(skb) calls under net/llc.\n\nThere are further uses in include/net/llc_pdu.h. All these are\nprotected by a test skb-\u003eprotocol == ETH_P_802_2. Which does not\nprotect against this tun scenario.\n\nBut the mac_len test added in this patch in llc_fixup_skb will\nindirectly protect those too. That is called from llc_rcv before any\nother LLC code.\n\nIt is tempting to just add a blanket mac_len check in llc_rcv, but\nnot sure whether that could break valid LLC paths that do not assume\nan Ethernet header. 802.2 LLC may be used on top of non-802.3\nprotocols in principle. The below referenced commit shows that used\nto, on top of Token Ring.\n\nAt least one of the three eth_hdr uses goes back to before the start\nof git history. But the one that syzbot exercises is introduced in\nthis commit. That commit is old enough (2008), that effectively all\nstable kernels should receive this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:09.610Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535"
},
{
"url": "https://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c"
},
{
"url": "https://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f"
},
{
"url": "https://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779"
},
{
"url": "https://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b"
},
{
"url": "https://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29"
},
{
"url": "https://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a"
},
{
"url": "https://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79"
},
{
"url": "https://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b"
}
],
"title": "llc: verify mac len before reading mac header",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52843",
"datePublished": "2024-05-21T15:31:41.872Z",
"dateReserved": "2024-05-21T15:19:24.254Z",
"dateUpdated": "2025-05-04T07:44:09.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52764 (GCVE-0-2023-52764)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: gspca: cpia1: shift-out-of-bounds in set_flicker
Syzkaller reported the following issue:
UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27
shift exponent 245 is too large for 32-bit type 'int'
When the value of the variable "sd->params.exposure.gain" exceeds the
number of bits in an integer, a shift-out-of-bounds error is reported. It
is triggered because the variable "currentexp" cannot be left-shifted by
more than the number of bits in an integer. In order to avoid invalid
range during left-shift, the conditional expression is added.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:37:06.356182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:31.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69bba62600bd91d6b7c1e8ca181faf8ac64f7060",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2eee8edfff90e22980a6b22079d238c3c9d323bb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f83c85ee88225319c52680792320c02158c2a9b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6b6b8692218da73b33b310d7c1df90f115bdd9a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "09cd8b561aa9796903710a1046957f2b112c8f26",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a647f27a7426d2fe1b40da7c8fa2b81354a51177",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "93bddd6529f187f510eec759f37d0569243c9809",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e2d7149b913d14352c82624e723ce1c211ca06d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "099be1822d1f095433f4b08af9cc9d6308ec1953",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/gspca/cpia1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type \u0027int\u0027\n\nWhen the value of the variable \"sd-\u003eparams.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:40.597Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060"
},
{
"url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb"
},
{
"url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b"
},
{
"url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a"
},
{
"url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26"
},
{
"url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177"
},
{
"url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809"
},
{
"url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3"
},
{
"url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953"
}
],
"title": "media: gspca: cpia1: shift-out-of-bounds in set_flicker",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52764",
"datePublished": "2024-05-21T15:30:49.032Z",
"dateReserved": "2024-05-21T15:19:24.238Z",
"dateUpdated": "2025-05-04T07:42:40.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52804 (GCVE-0-2023-52804)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add validity check for db_maxag and db_agpref
Both db_maxag and db_agpref are used as the index of the
db_agfree array, but there is currently no validity check for
db_maxag and db_agpref, which can lead to errors.
The following is related bug reported by Syzbot:
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20
index 7936 is out of range for type 'atomic_t[128]'
Add checking that the values of db_maxag and db_agpref are valid
indexes for the db_agfree array.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce15b0f1a431168f07b1cc6c9f71206a2db5c809"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32bd8f1cbcf8b663e29dd1f908ba3a129541a11b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6c8863fb3f57700ab583d875adda04caaf2278a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5013f8269887642cca784adc8db9b5f0b771533f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dca403bb035a565bb98ecc1dda5d30f676feda40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2323de34a3ae61a9f9b544c18583f71cea86721f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64933ab7b04881c6c18b21ff206c12278341c72e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:50.346379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a0649e2dd4a3595b5595a29d0064d047c2fae2fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ce15b0f1a431168f07b1cc6c9f71206a2db5c809",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "32bd8f1cbcf8b663e29dd1f908ba3a129541a11b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c6c8863fb3f57700ab583d875adda04caaf2278a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1f74d336990f37703a8eee77153463d65b67f70e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5013f8269887642cca784adc8db9b5f0b771533f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dca403bb035a565bb98ecc1dda5d30f676feda40",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2323de34a3ae61a9f9b544c18583f71cea86721f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64933ab7b04881c6c18b21ff206c12278341c72e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Add validity check for db_maxag and db_agpref\n\nBoth db_maxag and db_agpref are used as the index of the\ndb_agfree array, but there is currently no validity check for\ndb_maxag and db_agpref, which can lead to errors.\n\nThe following is related bug reported by Syzbot:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20\nindex 7936 is out of range for type \u0027atomic_t[128]\u0027\n\nAdd checking that the values of db_maxag and db_agpref are valid\nindexes for the db_agfree array."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:30.178Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb"
},
{
"url": "https://git.kernel.org/stable/c/ce15b0f1a431168f07b1cc6c9f71206a2db5c809"
},
{
"url": "https://git.kernel.org/stable/c/32bd8f1cbcf8b663e29dd1f908ba3a129541a11b"
},
{
"url": "https://git.kernel.org/stable/c/c6c8863fb3f57700ab583d875adda04caaf2278a"
},
{
"url": "https://git.kernel.org/stable/c/1f74d336990f37703a8eee77153463d65b67f70e"
},
{
"url": "https://git.kernel.org/stable/c/5013f8269887642cca784adc8db9b5f0b771533f"
},
{
"url": "https://git.kernel.org/stable/c/dca403bb035a565bb98ecc1dda5d30f676feda40"
},
{
"url": "https://git.kernel.org/stable/c/2323de34a3ae61a9f9b544c18583f71cea86721f"
},
{
"url": "https://git.kernel.org/stable/c/64933ab7b04881c6c18b21ff206c12278341c72e"
}
],
"title": "fs/jfs: Add validity check for db_maxag and db_agpref",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52804",
"datePublished": "2024-05-21T15:31:15.720Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:30.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52864 (GCVE-0-2023-52864)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: wmi: Fix opening of char device
Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via
file private data"), the miscdevice stores a pointer to itself inside
filp->private_data, which means that private_data will not be NULL when
wmi_char_open() is called. This might cause memory corruption should
wmi_char_open() be unable to find its driver, something which can
happen when the associated WMI device is deleted in wmi_free_devices().
Fix the problem by using the miscdevice pointer to retrieve the WMI
device data associated with a char device using container_of(). This
also avoids wmi_char_open() picking a wrong WMI device bound to a
driver with the same name as the original driver.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 Version: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:21:10.578430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:07.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf098e937dd125c0317a0d6f261ac2a950a233d6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "d426a2955e45a95b2282764105fcfb110a540453",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "e0bf076b734a2fab92d8fddc2b8b03462eee7097",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "44a96796d25809502c75771d40ee693c2e44724e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "36d85fa7ae0d6be651c1a745191fa7ef055db43e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "fb7b06b59c6887659c6ed0ecd3110835eecbb6a3",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "eba9ac7abab91c8f6d351460239108bef5e7a0b6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp-\u003eprivate_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:33.981Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "platform/x86: wmi: Fix opening of char device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52864",
"datePublished": "2024-05-21T15:31:55.875Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2025-05-04T07:44:33.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52805 (GCVE-0-2023-52805)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in diAlloc
Currently there is not check against the agno of the iag while
allocating new inodes to avoid fragmentation problem. Added the check
which is required.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:20:14.067853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:11.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2308d0fb0dc32446b4e6ca37cd09c30374bb64e9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cf7e3e84df36a9953796c737f080712f631d7083",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1ba7df5457dc1c1071c5f92ac11323533a6430e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64f062baf202b82f54987a3f614a6c8f3e466641",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "665b44e55c2767a4f899c3b18f49e9e1c9983777",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1708d0a9917fea579cc9da3d87b154285abd2cd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "05d9ea1ceb62a55af6727a69269a4fd310edf483",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_imap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in diAlloc\n\nCurrently there is not check against the agno of the iag while\nallocating new inodes to avoid fragmentation problem. Added the check\nwhich is required."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:31.380Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9"
},
{
"url": "https://git.kernel.org/stable/c/cf7e3e84df36a9953796c737f080712f631d7083"
},
{
"url": "https://git.kernel.org/stable/c/7467ca10a5ff09b0e87edf6c4d2a4bfdee69cf2c"
},
{
"url": "https://git.kernel.org/stable/c/1ba7df5457dc1c1071c5f92ac11323533a6430e1"
},
{
"url": "https://git.kernel.org/stable/c/64f062baf202b82f54987a3f614a6c8f3e466641"
},
{
"url": "https://git.kernel.org/stable/c/8c68af2af697ba2ba3b138be0c6d72e2ce3a3d6d"
},
{
"url": "https://git.kernel.org/stable/c/665b44e55c2767a4f899c3b18f49e9e1c9983777"
},
{
"url": "https://git.kernel.org/stable/c/1708d0a9917fea579cc9da3d87b154285abd2cd8"
},
{
"url": "https://git.kernel.org/stable/c/05d9ea1ceb62a55af6727a69269a4fd310edf483"
}
],
"title": "jfs: fix array-index-out-of-bounds in diAlloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52805",
"datePublished": "2024-05-21T15:31:16.374Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2025-05-04T07:43:31.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0841 (GCVE-0-2024-0841)
Vulnerability from cvelistv5
Published
2024-01-28 11:20
Modified
2025-07-23 18:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::nfv cpe:/a:redhat:enterprise_linux:8::realtime |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:50:50.798864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:11:12.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv",
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2024-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T18:44:52.678Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-0841"
},
{
"name": "RHBZ#2256490",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256490"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-02T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-01-23T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-476: NULL Pointer Dereference"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0841",
"datePublished": "2024-01-28T11:20:40.159Z",
"dateReserved": "2024-01-23T21:14:44.230Z",
"dateUpdated": "2025-07-23T18:44:52.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26606 (GCVE-0-2024-26606)
Vulnerability from cvelistv5
Published
2024-02-26 14:39
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
binder: signal epoll threads of self-work
In (e)poll mode, threads often depend on I/O events to determine when
data is ready for consumption. Within binder, a thread may initiate a
command via BINDER_WRITE_READ without a read buffer and then make use
of epoll_wait() or similar to consume any responses afterwards.
It is then crucial that epoll threads are signaled via wakeup when they
queue their own work. Otherwise, they risk waiting indefinitely for an
event leaving their work unhandled. What is worse, subsequent commands
won't trigger a wakeup either as the thread has pending work.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 Version: 457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:03:56.068498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:03:58.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dd64bb8329ce0ea27bc557e4160c2688835402ac",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "42beab162dcee1e691ee4934292d51581c29df61",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "a423042052ec2bdbf1e552e621e6a768922363cc",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "82722b453dc2f967b172603e389ee7dc1b3137cc",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "90e09c016d72b91e76de25f71c7b93d94cc3c769",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "a7ae586f6f6024f490b8546c8c84670f96bb9b68",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "93b372c39c40cbf179e56621e6bc48240943af69",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
},
{
"lessThan": "97830f3c3088638ff90b20dfba2eb4d487bf14d7",
"status": "affected",
"version": "457b9a6f09f011ebcb9b52cc203a6331a6fc2de7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/android/binder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: signal epoll threads of self-work\n\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\n\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon\u0027t trigger a wakeup either as the thread has pending work."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:12.161Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac"
},
{
"url": "https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61"
},
{
"url": "https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc"
},
{
"url": "https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc"
},
{
"url": "https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769"
},
{
"url": "https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68"
},
{
"url": "https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69"
},
{
"url": "https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7"
}
],
"title": "binder: signal epoll threads of self-work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26606",
"datePublished": "2024-02-26T14:39:15.861Z",
"dateReserved": "2024-02-19T14:20:24.130Z",
"dateUpdated": "2025-05-04T08:52:12.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52606 (GCVE-0-2023-52606)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/lib: Validate size for vector operations
Some of the fp/vmx code in sstep.c assume a certain maximum size for the
instructions being emulated. The size of those operations however is
determined separately in analyse_instr().
Add a check to validate the assumption on the maximum size of the
operations, so as to prevent any unintended kernel stack corruption.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:40:47.591136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:50.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/sstep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "42084a428a139f1a429f597d44621e3a18f3e414",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0580f4403ad33f379eef865c2a6fe94de37febdf",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "beee482cc4c9a6b1dcffb2e190b4fd8782258678",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "de4f5ed63b8a199704d8cdcbf810309d7eb4b36b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "abd26515d4b767ba48241eea77b28ce0872aef3e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28b8ba8eebf26f66d9f2df4ba550b6b3b136082c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "848e1d7fd710900397e1d0e7584680c1c04e3afd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f9abaa6d7de0a70fc68acaedce290c1f96e2e59",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/lib/sstep.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/lib: Validate size for vector operations\n\nSome of the fp/vmx code in sstep.c assume a certain maximum size for the\ninstructions being emulated. The size of those operations however is\ndetermined separately in analyse_instr().\n\nAdd a check to validate the assumption on the maximum size of the\noperations, so as to prevent any unintended kernel stack corruption."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:44.691Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414"
},
{
"url": "https://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf"
},
{
"url": "https://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678"
},
{
"url": "https://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b"
},
{
"url": "https://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e"
},
{
"url": "https://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c"
},
{
"url": "https://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd"
},
{
"url": "https://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59"
}
],
"title": "powerpc/lib: Validate size for vector operations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52606",
"datePublished": "2024-03-06T06:45:31.257Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:44.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52619 (GCVE-0-2023-52619)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 07:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
pstore/ram: Fix crash when setting number of cpus to an odd number
When the number of cpu cores is adjusted to 7 or other odd numbers,
the zone size will become an odd number.
The address of the zone will become:
addr of zone0 = BASE
addr of zone1 = BASE + zone_size
addr of zone2 = BASE + zone_size*2
...
The address of zone1/3/5/7 will be mapped to non-alignment va.
Eventually crashes will occur when accessing these va.
So, use ALIGN_DOWN() to make sure the zone size is even
to avoid this bug.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-18T14:22:57.908463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/pstore/ram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8b69c30f4e8b69131d92096cb296dc1f217101e4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e9f6ac50890104fdf8194f2865680689239d30fb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a63e48cd835c34c38ef671d344cc029b1ea5bf10",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2a37905d47bffec61e95d99f0c1cc5dc6377956c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "75b0f71b26b3ad833c5c0670109c0af6e021e86a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0593cfd321df9001142a9d2c58d4144917dff7ee",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd40e43f870cf21726b22487a95ed223790b3542",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d49270a04623ce3c0afddbf3e984cb245aa48e9c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/pstore/ram.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Fix crash when setting number of cpus to an odd number\n\nWhen the number of cpu cores is adjusted to 7 or other odd numbers,\nthe zone size will become an odd number.\nThe address of the zone will become:\n addr of zone0 = BASE\n addr of zone1 = BASE + zone_size\n addr of zone2 = BASE + zone_size*2\n ...\nThe address of zone1/3/5/7 will be mapped to non-alignment va.\nEventually crashes will occur when accessing these va.\n\nSo, use ALIGN_DOWN() to make sure the zone size is even\nto avoid this bug."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:40:01.100Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4"
},
{
"url": "https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb"
},
{
"url": "https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10"
},
{
"url": "https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c"
},
{
"url": "https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a"
},
{
"url": "https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee"
},
{
"url": "https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542"
},
{
"url": "https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c"
}
],
"title": "pstore/ram: Fix crash when setting number of cpus to an odd number",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52619",
"datePublished": "2024-03-18T10:19:05.854Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:40:01.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52774 (GCVE-0-2023-52774)
Vulnerability from cvelistv5
Published
2024-05-21 15:30
Modified
2025-05-04 07:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/dasd: protect device queue against concurrent access
In dasd_profile_start() the amount of requests on the device queue are
counted. The access to the device queue is unprotected against
concurrent access. With a lot of parallel I/O, especially with alias
devices enabled, the device queue can change while dasd_profile_start()
is accessing the queue. In the worst case this leads to a kernel panic
due to incorrect pointer accesses.
Fix this by taking the device lock before accessing the queue and
counting the requests. Additionally the check for a valid profile data
pointer can be done earlier to avoid unnecessary locking in a hot path.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 Version: 4fa52aa7a82f9226b3874a69816bda3af821f002 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f75617cc8df4155374132f0b500b0b3ebb967458"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c841de6247e94e07566d57163d3c0d8b29278f7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6062c527d0403cef27c54b91ac8390c3a497b250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9372aab5d0ff621ea203c8c603e7e5f75e888240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db46cd1e0426f52999d50fa72cfa97fa39952885"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:56.558292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "f75617cc8df4155374132f0b500b0b3ebb967458",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "c841de6247e94e07566d57163d3c0d8b29278f7a",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "6062c527d0403cef27c54b91ac8390c3a497b250",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "9372aab5d0ff621ea203c8c603e7e5f75e888240",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
},
{
"lessThan": "db46cd1e0426f52999d50fa72cfa97fa39952885",
"status": "affected",
"version": "4fa52aa7a82f9226b3874a69816bda3af821f002",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.1"
},
{
"lessThan": "3.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.332",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.301",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.263",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.65",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.332",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.301",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.263",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.203",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.141",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.65",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.4",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: protect device queue against concurrent access\n\nIn dasd_profile_start() the amount of requests on the device queue are\ncounted. The access to the device queue is unprotected against\nconcurrent access. With a lot of parallel I/O, especially with alias\ndevices enabled, the device queue can change while dasd_profile_start()\nis accessing the queue. In the worst case this leads to a kernel panic\ndue to incorrect pointer accesses.\n\nFix this by taking the device lock before accessing the queue and\ncounting the requests. Additionally the check for a valid profile data\npointer can be done earlier to avoid unnecessary locking in a hot path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:42:57.731Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ebdc569a07a3e8dbe66b4184922ad6f88ac0b96f"
},
{
"url": "https://git.kernel.org/stable/c/f75617cc8df4155374132f0b500b0b3ebb967458"
},
{
"url": "https://git.kernel.org/stable/c/f1ac7789406e2ca9ac51c41ad2daa597f47bdd4d"
},
{
"url": "https://git.kernel.org/stable/c/c841de6247e94e07566d57163d3c0d8b29278f7a"
},
{
"url": "https://git.kernel.org/stable/c/6062c527d0403cef27c54b91ac8390c3a497b250"
},
{
"url": "https://git.kernel.org/stable/c/dc96fde8fcb2b896fd6c64802a7f4ece2e69b0be"
},
{
"url": "https://git.kernel.org/stable/c/9372aab5d0ff621ea203c8c603e7e5f75e888240"
},
{
"url": "https://git.kernel.org/stable/c/db46cd1e0426f52999d50fa72cfa97fa39952885"
}
],
"title": "s390/dasd: protect device queue against concurrent access",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52774",
"datePublished": "2024-05-21T15:30:55.593Z",
"dateReserved": "2024-05-21T15:19:24.239Z",
"dateUpdated": "2025-05-04T07:42:57.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26581 (GCVE-0-2024-26581)
Vulnerability from cvelistv5
Published
2024-02-20 12:52
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 8284a79136c384059e85e278da2210b809730287 Version: acaee227cf79c45a5d2d49c3e9a66333a462802c Version: 893cb3c3513cf661a0ff45fe0cfa83fe27131f76 Version: 50cbb9d195c197af671869c8cadce3bd483735a0 Version: 89a4d1a89751a0fbd520e64091873e19cc0979e8 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: f718863aca469a109895cb855e6b81fff4827d71 Version: cd66733932399475fe933cb3ec03e687ed401462 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:31:46.616632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:31:55.501Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c60d252949caf9aba537525195edae6bbabc35eb",
"status": "affected",
"version": "8284a79136c384059e85e278da2210b809730287",
"versionType": "git"
},
{
"lessThan": "10e9cb39313627f2eae4cd70c4b742074e998fd8",
"status": "affected",
"version": "acaee227cf79c45a5d2d49c3e9a66333a462802c",
"versionType": "git"
},
{
"lessThan": "4cee42fcf54fec46b344681e7cc4f234bb22f85a",
"status": "affected",
"version": "893cb3c3513cf661a0ff45fe0cfa83fe27131f76",
"versionType": "git"
},
{
"lessThan": "2bab493a5624444ec6e648ad0d55a362bcb4c003",
"status": "affected",
"version": "50cbb9d195c197af671869c8cadce3bd483735a0",
"versionType": "git"
},
{
"lessThan": "1296c110c5a0b45a8fcf58e7d18bc5da61a565cb",
"status": "affected",
"version": "89a4d1a89751a0fbd520e64091873e19cc0979e8",
"versionType": "git"
},
{
"lessThan": "b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"lessThan": "6eb14441f10602fa1cf691da9d685718b68b78a9",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"lessThan": "60c0c230c6f046da536d3df8b39a20b9a9fd6af0",
"status": "affected",
"version": "f718863aca469a109895cb855e6b81fff4827d71",
"versionType": "git"
},
{
"status": "affected",
"version": "cd66733932399475fe933cb3ec03e687ed401462",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "6.1.43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:12.921Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb"
},
{
"url": "https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8"
},
{
"url": "https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a"
},
{
"url": "https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003"
},
{
"url": "https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb"
},
{
"url": "https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7"
},
{
"url": "https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9"
},
{
"url": "https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0"
}
],
"title": "netfilter: nft_set_rbtree: skip end interval element from gc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26581",
"datePublished": "2024-02-20T12:52:57.398Z",
"dateReserved": "2024-02-19T14:20:24.125Z",
"dateUpdated": "2025-05-04T12:54:12.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26673 (GCVE-0-2024-26673)
Vulnerability from cvelistv5
Published
2024-04-02 06:51
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.
- Disallow layer 4 protocol with no ports, since destination port is a
mandatory attribute for this object.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 Version: 857b46027d6f91150797295752581b7155b9d0e1 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T15:12:33.164796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:32.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f549f340c91f08b938d60266e792ff7748dae483",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "65ee90efc928410c6f73b3d2e0afdd762652c09d",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "b775ced05489f4b77a35fe203e9aeb22f428e38f",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "0f501dae16b7099e69ee9b0d5c70b8f40fd30e98",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "cfe3550ea5df292c9e2d608e8c4560032391847e",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "38cc1605338d99205a263707f4dde76408d3e0e8",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
},
{
"lessThan": "8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4",
"status": "affected",
"version": "857b46027d6f91150797295752581b7155b9d0e1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n mandatory attribute for this object."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:39.623Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483"
},
{
"url": "https://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d"
},
{
"url": "https://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f"
},
{
"url": "https://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98"
},
{
"url": "https://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e"
},
{
"url": "https://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8"
},
{
"url": "https://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4"
}
],
"title": "netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26673",
"datePublished": "2024-04-02T06:51:05.857Z",
"dateReserved": "2024-02-19T14:20:24.150Z",
"dateUpdated": "2025-05-04T08:53:39.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26763 (GCVE-0-2024-26763)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dm-crypt: don't modify the data when using authenticated encryption
It was said that authenticated encryption could produce invalid tag when
the data that is being encrypted is modified [1]. So, fix this problem by
copying the data into the clone bio first and then encrypt them inside the
clone bio.
This may reduce performance, but it is needed to prevent the user from
corrupting the device by writing data with O_DIRECT and modifying them at
the same time.
[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:31.262032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:13.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "43a202bd552976497474ae144942e32cc5f34d7e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0dccbb93538fe89a86c6de31d4b1c8c560848eaa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a4371db68a31076afbe56ecce34fbbe6c80c529",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e08c2a8d27e989f0f5b0888792643027d7e691e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "64ba01a365980755732972523600a961c4266b75",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d9e3763a505e50ba3bd22846f2a8db99429fb857",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "50c70240097ce41fe6bce6478b80478281e4d0f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/dm-crypt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don\u0027t modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:57.430Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e"
},
{
"url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa"
},
{
"url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90"
},
{
"url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529"
},
{
"url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6"
},
{
"url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75"
},
{
"url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857"
},
{
"url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7"
}
],
"title": "dm-crypt: don\u0027t modify the data when using authenticated encryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26763",
"datePublished": "2024-04-03T17:00:46.308Z",
"dateReserved": "2024-02-19T14:20:24.172Z",
"dateUpdated": "2025-05-04T08:55:57.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27410 (GCVE-0-2024-27410)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-06-19 12:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: nl80211: reject iftype change with mesh ID change
It's currently possible to change the mesh ID when the
interface isn't yet in mesh mode, at the same time as
changing it into mesh mode. This leads to an overwrite
of data in the wdev->u union for the interface type it
currently has, causing cfg80211_change_iface() to do
wrong things when switching.
We could probably allow setting an interface to mesh
while setting the mesh ID at the same time by doing a
different order of operations here, but realistically
there's no userspace that's going to do this, so just
disallow changes in iftype when setting mesh ID.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:39:36.191312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:43:50.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "930e826962d9f01dcd2220176134427358d112f2",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "177d574be4b58f832354ab1ef5a297aa0c9aa2df",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"lessThan": "f78c1375339a291cba492a70eaf12ec501d28a8e",
"status": "affected",
"version": "7b0a0e3c3a88260b6fcb017e49f198463aa62ed1",
"versionType": "git"
},
{
"status": "affected",
"version": "7a53ad13c09150076b7ddde96c2dfc5622c90b45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject iftype change with mesh ID change\n\nIt\u0027s currently possible to change the mesh ID when the\ninterface isn\u0027t yet in mesh mode, at the same time as\nchanging it into mesh mode. This leads to an overwrite\nof data in the wdev-\u003eu union for the interface type it\ncurrently has, causing cfg80211_change_iface() to do\nwrong things when switching.\n\nWe could probably allow setting an interface to mesh\nwhile setting the mesh ID at the same time by doing a\ndifferent order of operations here, but realistically\nthere\u0027s no userspace that\u0027s going to do this, so just\ndisallow changes in iftype when setting mesh ID."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T12:39:17.711Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2"
},
{
"url": "https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df"
},
{
"url": "https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838"
},
{
"url": "https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e"
}
],
"title": "wifi: nl80211: reject iftype change with mesh ID change",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27410",
"datePublished": "2024-05-17T11:50:43.212Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-06-19T12:39:17.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52594 (GCVE-0-2023-52594)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug
occurs when txs->cnt, data from a URB provided by a USB device, is
bigger than the size of the array txs->txstatus, which is
HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug
handling code after the check. Make the function return if that is the
case.
Found by a modified version of syzkaller.
UBSAN: array-index-out-of-bounds in htc_drv_txrx.c
index 13 is out of range for type '__wmi_event_txstatus [12]'
Call Trace:
ath9k_htc_txstatus
ath9k_wmi_event_tasklet
tasklet_action_common
__do_softirq
irq_exit_rxu
sysvec_apic_timer_interrupt
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 Version: 27876a29de221186c9d5883e5fe5f6da18ef9a45 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:54.886327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f44f073c78112ff921a220d01b86d09f2ace59bc",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "f11f0fd1ad6c11ae7856d4325fe9d05059767225",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "84770a996ad8d7f121ff2fb5a8d149aad52d64c1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "9003fa9a0198ce004b30738766c67eb7373479c9",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "e4f4bac7d3b64eb75f70cd3345712de6f68a215d",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "be609c7002dd4504b15b069cb7582f4c778548d1",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
},
{
"lessThan": "2adc886244dff60f948497b59affb6c6ebb3c348",
"status": "affected",
"version": "27876a29de221186c9d5883e5fe5f6da18ef9a45",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath9k/htc_drv_txrx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"lessThan": "3.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs-\u003ecnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs-\u003etxstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type \u0027__wmi_event_txstatus [12]\u0027\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:46.466Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc"
},
{
"url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225"
},
{
"url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1"
},
{
"url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9"
},
{
"url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234"
},
{
"url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d"
},
{
"url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1"
},
{
"url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348"
}
],
"title": "wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52594",
"datePublished": "2024-03-06T06:45:25.071Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2025-05-21T08:49:46.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45863 (GCVE-0-2023-45863)
Vulnerability from cvelistv5
Published
2023-10-14 00:00
Modified
2024-08-02 20:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T21:06:37.809590",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-45863",
"datePublished": "2023-10-14T00:00:00",
"dateReserved": "2023-10-14T00:00:00",
"dateUpdated": "2024-08-02T20:29:32.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52810 (GCVE-0-2023-52810)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs/jfs: Add check for negative db_l2nbperpage
l2nbperpage is log2(number of blks per page), and the minimum legal
value should be 0, not negative.
In the case of l2nbperpage being negative, an error will occur
when subsequently used as shift exponent.
Syzbot reported this bug:
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12
shift exponent -16777216 is negative
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cc61fcf7d1c9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8f2964df6bfc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a81a56b4cbe3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "524b4f203afc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5f148b16972e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0cb567e72733",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "491085258185",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1a7c53fdea1d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "525b861a0081",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T16:17:58.719311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "CWE-1335 Incorrect Bitwise Shift of Integer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:20:18.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f2964df6bfce9d92d81ca552010b8677af8d9dc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "524b4f203afcf87accfe387e846f33f916f0c907",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5f148b16972e5f4592629b244d5109b15135f53f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0cb567e727339a192f9fd0db00781d73a91d15a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "491085258185ffc4fb91555b0dba895fe7656a45",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1a7c53fdea1d189087544d9a606d249e93c4934b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "525b861a008143048535011f3816d407940f4bfa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/jfs: Add check for negative db_l2nbperpage\n\nl2nbperpage is log2(number of blks per page), and the minimum legal\nvalue should be 0, not negative.\n\nIn the case of l2nbperpage being negative, an error will occur\nwhen subsequently used as shift exponent.\n\nSyzbot reported this bug:\n\nUBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12\nshift exponent -16777216 is negative"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:36.926Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01"
},
{
"url": "https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc"
},
{
"url": "https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1"
},
{
"url": "https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907"
},
{
"url": "https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f"
},
{
"url": "https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6"
},
{
"url": "https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45"
},
{
"url": "https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b"
},
{
"url": "https://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa"
}
],
"title": "fs/jfs: Add check for negative db_l2nbperpage",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52810",
"datePublished": "2024-05-21T15:31:19.629Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-05-04T07:43:36.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52838 (GCVE-0-2023-52838)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 12:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: imsttfb: fix a resource leak in probe
I've re-written the error handling but the bug is that if init_imstt()
fails we need to call iounmap(par->cmap_regs).
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 7f683f286a2196bd4d2da420a3194f5ba0269d8c Version: 815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd Version: 2bf70b88cc358a437db376826f92c8dcf9c23587 Version: ad3de274e065790181f112b9c72a2fb4665ee2fd Version: c6c0a9f619584be19726ce7f81c31bc555af401a Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: c75f5a55061091030a13fef71b9995b89bc86213 Version: 64c6b84c73f576380fadeec2d30aaeccbc2994c7 Version: 4c86974fb42281b8041a504d92ab341ad4697325 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T18:03:42.645076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:59:31.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/imsttfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485",
"status": "affected",
"version": "7f683f286a2196bd4d2da420a3194f5ba0269d8c",
"versionType": "git"
},
{
"lessThan": "6c66d737b2726ac7784269ddf32a31634f8f269d",
"status": "affected",
"version": "815c95d82b79bb32e9aa7c95c6ac7cb1c92612cd",
"versionType": "git"
},
{
"lessThan": "a4dfebec32ec6d420a5506dd56a7834c91be28e4",
"status": "affected",
"version": "2bf70b88cc358a437db376826f92c8dcf9c23587",
"versionType": "git"
},
{
"lessThan": "8e4b510fe91782522b7ca0ca881b663b5d35e513",
"status": "affected",
"version": "ad3de274e065790181f112b9c72a2fb4665ee2fd",
"versionType": "git"
},
{
"lessThan": "7bc7b82fb2191b0d50a80ee4e27030918767dd1d",
"status": "affected",
"version": "c6c0a9f619584be19726ce7f81c31bc555af401a",
"versionType": "git"
},
{
"lessThan": "18d26f9baca7d0d309303e3074a2252b8310884a",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"lessThan": "b346a531159d08c564a312a9eaeea691704f3c00",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"lessThan": "aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b",
"status": "affected",
"version": "c75f5a55061091030a13fef71b9995b89bc86213",
"versionType": "git"
},
{
"status": "affected",
"version": "64c6b84c73f576380fadeec2d30aaeccbc2994c7",
"versionType": "git"
},
{
"status": "affected",
"version": "4c86974fb42281b8041a504d92ab341ad4697325",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/imsttfb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.19.291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "5.4.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "5.10.188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "5.15.116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "6.1.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imsttfb: fix a resource leak in probe\n\nI\u0027ve re-written the error handling but the bug is that if init_imstt()\nfails we need to call iounmap(par-\u003ecmap_regs)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:37.526Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485"
},
{
"url": "https://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d"
},
{
"url": "https://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4"
},
{
"url": "https://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513"
},
{
"url": "https://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d"
},
{
"url": "https://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a"
},
{
"url": "https://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00"
},
{
"url": "https://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b"
}
],
"title": "fbdev: imsttfb: fix a resource leak in probe",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52838",
"datePublished": "2024-05-21T15:31:38.539Z",
"dateReserved": "2024-05-21T15:19:24.253Z",
"dateUpdated": "2025-05-04T12:49:37.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52879 (GCVE-0-2023-52879)
Vulnerability from cvelistv5
Published
2024-05-21 15:32
Modified
2025-05-04 07:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have trace_event_file have ref counters
The following can crash the kernel:
# cd /sys/kernel/tracing
# echo 'p:sched schedule' > kprobe_events
# exec 5>>events/kprobes/sched/enable
# > kprobe_events
# exec 5>&-
The above commands:
1. Change directory to the tracefs directory
2. Create a kprobe event (doesn't matter what one)
3. Open bash file descriptor 5 on the enable file of the kprobe event
4. Delete the kprobe event (removes the files too)
5. Close the bash file descriptor 5
The above causes a crash!
BUG: kernel NULL pointer dereference, address: 0000000000000028
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:tracing_release_file_tr+0xc/0x50
What happens here is that the kprobe event creates a trace_event_file
"file" descriptor that represents the file in tracefs to the event. It
maintains state of the event (is it enabled for the given instance?).
Opening the "enable" file gets a reference to the event "file" descriptor
via the open file descriptor. When the kprobe event is deleted, the file is
also deleted from the tracefs system which also frees the event "file"
descriptor.
But as the tracefs file is still opened by user space, it will not be
totally removed until the final dput() is called on it. But this is not
true with the event "file" descriptor that is already freed. If the user
does a write to or simply closes the file descriptor it will reference the
event "file" descriptor that was just freed, causing a use-after-free bug.
To solve this, add a ref count to the event "file" descriptor as well as a
new flag called "FREED". The "file" will not be freed until the last
reference is released. But the FREE flag will be set when the event is
removed to prevent any more modifications to that event from happening,
even if there's still a reference to the event "file" descriptor.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: e6807c873d8791ae5a5186ad05ec66cab926539a Version: 407bf1c140f0757706c0b28604bcc90837d45ce2 Version: fa6d449e4d024d8c17f4288e0567d28ace69415c Version: a46bf337a20f9edd3c8041b025639842280d0575 Version: 9beec04370132a7a6cd1aa9897f6fffc6262ff28 Version: f5ca233e2e66dc1c249bf07eefa37e34a6c9346a Version: f5ca233e2e66dc1c249bf07eefa37e34a6c9346a |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52879",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T16:59:47.559597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:30.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/trace_events.h",
"kernel/trace/trace.c",
"kernel/trace/trace.h",
"kernel/trace/trace_events.c",
"kernel/trace/trace_events_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "961c4511c7578d6b8f39118be919016ec3db1c1e",
"status": "affected",
"version": "e6807c873d8791ae5a5186ad05ec66cab926539a",
"versionType": "git"
},
{
"lessThan": "a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f",
"status": "affected",
"version": "407bf1c140f0757706c0b28604bcc90837d45ce2",
"versionType": "git"
},
{
"lessThan": "cbc7c29dff0fa18162f2a3889d82eeefd67305e0",
"status": "affected",
"version": "fa6d449e4d024d8c17f4288e0567d28ace69415c",
"versionType": "git"
},
{
"lessThan": "2fa74d29fc1899c237d51bf9a6e132ea5c488976",
"status": "affected",
"version": "a46bf337a20f9edd3c8041b025639842280d0575",
"versionType": "git"
},
{
"lessThan": "2c9de867ca285c397cd71af703763fe416265706",
"status": "affected",
"version": "9beec04370132a7a6cd1aa9897f6fffc6262ff28",
"versionType": "git"
},
{
"lessThan": "9034c87d61be8cff989017740a91701ac8195a1d",
"status": "affected",
"version": "f5ca233e2e66dc1c249bf07eefa37e34a6c9346a",
"versionType": "git"
},
{
"lessThan": "bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4",
"status": "affected",
"version": "f5ca233e2e66dc1c249bf07eefa37e34a6c9346a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/trace_events.h",
"kernel/trace/trace.c",
"kernel/trace/trace.h",
"kernel/trace/trace_events.c",
"kernel/trace/trace_events_filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "5.4.258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "5.10.198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "5.15.134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "6.1.55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "6.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.1",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Have trace_event_file have ref counters\n\nThe following can crash the kernel:\n\n # cd /sys/kernel/tracing\n # echo \u0027p:sched schedule\u0027 \u003e kprobe_events\n # exec 5\u003e\u003eevents/kprobes/sched/enable\n # \u003e kprobe_events\n # exec 5\u003e\u0026-\n\nThe above commands:\n\n 1. Change directory to the tracefs directory\n 2. Create a kprobe event (doesn\u0027t matter what one)\n 3. Open bash file descriptor 5 on the enable file of the kprobe event\n 4. Delete the kprobe event (removes the files too)\n 5. Close the bash file descriptor 5\n\nThe above causes a crash!\n\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 6 PID: 877 Comm: bash Not tainted 6.5.0-rc4-test-00008-g2c6b6b1029d4-dirty #186\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n RIP: 0010:tracing_release_file_tr+0xc/0x50\n\nWhat happens here is that the kprobe event creates a trace_event_file\n\"file\" descriptor that represents the file in tracefs to the event. It\nmaintains state of the event (is it enabled for the given instance?).\nOpening the \"enable\" file gets a reference to the event \"file\" descriptor\nvia the open file descriptor. When the kprobe event is deleted, the file is\nalso deleted from the tracefs system which also frees the event \"file\"\ndescriptor.\n\nBut as the tracefs file is still opened by user space, it will not be\ntotally removed until the final dput() is called on it. But this is not\ntrue with the event \"file\" descriptor that is already freed. If the user\ndoes a write to or simply closes the file descriptor it will reference the\nevent \"file\" descriptor that was just freed, causing a use-after-free bug.\n\nTo solve this, add a ref count to the event \"file\" descriptor as well as a\nnew flag called \"FREED\". The \"file\" will not be freed until the last\nreference is released. But the FREE flag will be set when the event is\nremoved to prevent any more modifications to that event from happening,\neven if there\u0027s still a reference to the event \"file\" descriptor."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:45:07.175Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/961c4511c7578d6b8f39118be919016ec3db1c1e"
},
{
"url": "https://git.kernel.org/stable/c/a98172e36e5f1b3d29ad71fade2d611cfcc2fe6f"
},
{
"url": "https://git.kernel.org/stable/c/cbc7c29dff0fa18162f2a3889d82eeefd67305e0"
},
{
"url": "https://git.kernel.org/stable/c/2fa74d29fc1899c237d51bf9a6e132ea5c488976"
},
{
"url": "https://git.kernel.org/stable/c/2c9de867ca285c397cd71af703763fe416265706"
},
{
"url": "https://git.kernel.org/stable/c/9034c87d61be8cff989017740a91701ac8195a1d"
},
{
"url": "https://git.kernel.org/stable/c/bb32500fb9b78215e4ef6ee8b4345c5f5d7eafb4"
}
],
"title": "tracing: Have trace_event_file have ref counters",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52879",
"datePublished": "2024-05-21T15:32:11.263Z",
"dateReserved": "2024-05-21T15:19:24.265Z",
"dateUpdated": "2025-05-04T07:45:07.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26598 (GCVE-0-2024-26598)
Vulnerability from cvelistv5
Published
2024-02-23 14:46
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
There is a potential UAF scenario in the case of an LPI translation
cache hit racing with an operation that invalidates the cache, such
as a DISCARD ITS command. The root of the problem is that
vgic_its_check_cache() does not elevate the refcount on the vgic_irq
before dropping the lock that serializes refcount changes.
Have vgic_its_check_cache() raise the refcount on the returned vgic_irq
and add the corresponding decrement after queueing the interrupt.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d04acadb6490",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "ba7be6667408",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "12c2759ab134",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "dba788e25f05",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "65b201bf3e9a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "dd3956a1b3dd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "ad362fe07fec",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.269",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.209",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.148",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.75",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.14",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T16:15:47.782832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T16:16:01.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d04acadb6490aa3314f9c9e087691e55de153b88",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ba7be666740847d967822bed15500656b26bc703",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "12c2759ab1343c124ed46ba48f27bd1ef5d2dff4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dba788e25f05209adf2b0175eb1691dc89fb1ba6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "65b201bf3e9af1b0254243a5881390eda56f72d1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd3956a1b3dd11f46488c928cb890d6937d1ca80",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ad362fe07fecf0aba839ff2cc59a3617bd42c33f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-its.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache\n\nThere is a potential UAF scenario in the case of an LPI translation\ncache hit racing with an operation that invalidates the cache, such\nas a DISCARD ITS command. The root of the problem is that\nvgic_its_check_cache() does not elevate the refcount on the vgic_irq\nbefore dropping the lock that serializes refcount changes.\n\nHave vgic_its_check_cache() raise the refcount on the returned vgic_irq\nand add the corresponding decrement after queueing the interrupt."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:55.492Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88"
},
{
"url": "https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703"
},
{
"url": "https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4"
},
{
"url": "https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6"
},
{
"url": "https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1"
},
{
"url": "https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80"
},
{
"url": "https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f"
}
],
"title": "KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26598",
"datePublished": "2024-02-23T14:46:26.672Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:51:55.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26748 (GCVE-0-2024-26748)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: fix memory double free when handle zero packet
829 if (request->complete) {
830 spin_unlock(&priv_dev->lock);
831 usb_gadget_giveback_request(&priv_ep->endpoint,
832 request);
833 spin_lock(&priv_dev->lock);
834 }
835
836 if (request->buf == priv_dev->zlp_buf)
837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request);
Driver append an additional zero packet request when queue a packet, which
length mod max packet size is 0. When transfer complete, run to line 831,
usb_gadget_giveback_request() will free this requestion. 836 condition is
true, so cdns3_gadget_ep_free_request() free this request again.
Log:
[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]
[ 1920.140696][ T150]
[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):
[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]
[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]
Add check at line 829, skip call usb_gadget_giveback_request() if it is
additional zero length packet request. Needn't call
usb_gadget_giveback_request() because it is allocated in this driver.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:31:00.230088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:02.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aad6132ae6e4809e375431f8defd1521985e44e7",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "1e204a8e9eb514e22a6567fb340ebb47df3f3a48",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "3a2a909942b5335b7ea66366d84261b3ed5f89c8",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "9a52b694b066f299d8b9800854a8503457a8b64c",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "70e8038813f9d3e72df966748ebbc40efe466019",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "92d20406a3d4ff3e8be667c79209dc9ed31df5b3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "5fd9e45f1ebcd57181358af28506e8a661a260b3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix memory double free when handle zero packet\n\n829 if (request-\u003ecomplete) {\n830 spin_unlock(\u0026priv_dev-\u003elock);\n831 usb_gadget_giveback_request(\u0026priv_ep-\u003eendpoint,\n832 request);\n833 spin_lock(\u0026priv_dev-\u003elock);\n834 }\n835\n836 if (request-\u003ebuf == priv_dev-\u003ezlp_buf)\n837 cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, request);\n\nDriver append an additional zero packet request when queue a packet, which\nlength mod max packet size is 0. When transfer complete, run to line 831,\nusb_gadget_giveback_request() will free this requestion. 836 condition is\ntrue, so cdns3_gadget_ep_free_request() free this request again.\n\nLog:\n\n[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.140696][ T150]\n[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):\n[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]\n\nAdd check at line 829, skip call usb_gadget_giveback_request() if it is\nadditional zero length packet request. Needn\u0027t call\nusb_gadget_giveback_request() because it is allocated in this driver."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:36.651Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7"
},
{
"url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48"
},
{
"url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8"
},
{
"url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c"
},
{
"url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019"
},
{
"url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3"
},
{
"url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3"
}
],
"title": "usb: cdns3: fix memory double free when handle zero packet",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26748",
"datePublished": "2024-04-03T17:00:35.087Z",
"dateReserved": "2024-02-19T14:20:24.168Z",
"dateUpdated": "2025-05-04T08:55:36.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26805 (GCVE-0-2024-26805)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
syzbot reported the following uninit-value access issue [1]:
netlink_to_full_skb() creates a new `skb` and puts the `skb->data`
passed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data
size is specified as `len` and passed to skb_put_data(). This `len`
is based on `skb->end` that is not data offset but buffer offset. The
`skb->end` contains data and tailroom. Since the tailroom is not
initialized when the new `skb` created, KMSAN detects uninitialized
memory area when copying the data.
This patch resolved this issue by correct the len from `skb->end` to
`skb->len`, which is the actual data offset.
BUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]
BUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
BUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]
BUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
instrument_copy_to_user include/linux/instrumented.h:114 [inline]
copy_to_user_iter lib/iov_iter.c:24 [inline]
iterate_ubuf include/linux/iov_iter.h:29 [inline]
iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
iterate_and_advance include/linux/iov_iter.h:271 [inline]
_copy_to_iter+0x364/0x2520 lib/iov_iter.c:186
copy_to_iter include/linux/uio.h:197 [inline]
simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532
__skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420
skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546
skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]
packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482
sock_recvmsg_nosec net/socket.c:1044 [inline]
sock_recvmsg net/socket.c:1066 [inline]
sock_read_iter+0x467/0x580 net/socket.c:1136
call_read_iter include/linux/fs.h:2014 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x8f6/0xe00 fs/read_write.c:470
ksys_read+0x20f/0x4c0 fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__x64_sys_read+0x93/0xd0 fs/read_write.c:621
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was stored to memory at:
skb_put_data include/linux/skbuff.h:2622 [inline]
netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]
__netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]
__netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325
netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]
netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]
netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg net/socket.c:745 [inline]
____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
__sys_sendmsg net/socket.c:2667 [inline]
__do_sys_sendmsg net/socket.c:2676 [inline]
__se_sys_sendmsg net/socket.c:2674 [inline]
__x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at:
free_pages_prepare mm/page_alloc.c:1087 [inline]
free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347
free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533
release_pages+0x23d3/0x2410 mm/swap.c:1042
free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316
tlb_batch_pages
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 1853c949646005b5959c483becde86608f548f24 Version: 92994a5f49d0a81c8643452d5c0a6e8b31d85a61 Version: 85aec6328f3346b0718211faad564a3ffa64f60e Version: d38200098e3203ba30ba06ed3f345ec6ca75234c Version: 65d48c630ff80a19c39751a4a6d3315f4c3c0280 Version: 62f43b58d2b2c4f0200b9ca2b997f4c484f0272f |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:14.957747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:26.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec343a55b687a452f5e87f3b52bf9f155864df65",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "9ae51361da43270f4ba0eb924427a07e87e48777",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "f19d1f98e60e68b11fc60839105dd02a30ec0d77",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "c71ed29d15b1a1ed6c464f8c3536996963046285",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "0b27bf4c494d61e5663baa34c3edd7ccebf0ea44",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "d3ada42e534a83b618bbc1e490d23bf0fdae4736",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"lessThan": "661779e1fcafe1b74b3f3fe8e980c1e207fea1fd",
"status": "affected",
"version": "1853c949646005b5959c483becde86608f548f24",
"versionType": "git"
},
{
"status": "affected",
"version": "92994a5f49d0a81c8643452d5c0a6e8b31d85a61",
"versionType": "git"
},
{
"status": "affected",
"version": "85aec6328f3346b0718211faad564a3ffa64f60e",
"versionType": "git"
},
{
"status": "affected",
"version": "d38200098e3203ba30ba06ed3f345ec6ca75234c",
"versionType": "git"
},
{
"status": "affected",
"version": "65d48c630ff80a19c39751a4a6d3315f4c3c0280",
"versionType": "git"
},
{
"status": "affected",
"version": "62f43b58d2b2c4f0200b9ca2b997f4c484f0272f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netlink/af_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.18.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb-\u003edata`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb-\u003eend` that is not data offset but buffer offset. The\n`skb-\u003eend` contains data and tailroom. Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb-\u003eend` to\n`skb-\u003elen`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:47.795Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65"
},
{
"url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777"
},
{
"url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77"
},
{
"url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285"
},
{
"url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44"
},
{
"url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736"
},
{
"url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d"
},
{
"url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd"
}
],
"title": "netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26805",
"datePublished": "2024-04-04T08:20:32.250Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:47.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52615 (GCVE-0-2023-52615)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers
when the user reads from /dev/hwrng into memory also mmap-ed from
/dev/hwrng. The resulting page fault triggers a recursive read
which then dead-locks.
Fix this by using a stack buffer when calling copy_to_user.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b Version: 9996508b3353063f2d6c48c1a28a84543d72d70b |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:19.515526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:21.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eafd83b92f6c044007a3591cbd476bcf90455990",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "5030d4c798863ccb266563201b341a099e8cdd48",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "c6a8111aacbfe7a8a70f46cc0de8eed00561693c",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "26cc6d7006f922df6cc4389248032d955750b2a0",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "aa8aa16ed9adf1df05bb339d588cf485a011839e",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "ecabe8cd456d3bf81e92c53b074732f3140f170d",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "6822a14271786150e178869f1495cc03e74c5029",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
},
{
"lessThan": "78aafb3884f6bc6636efcc1760c891c8500b9922",
"status": "affected",
"version": "9996508b3353063f2d6c48c1a28a84543d72d70b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/hw_random/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\n\nThere is a dead-lock in the hwrng device read path. This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\n\nFix this by using a stack buffer when calling copy_to_user."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:56.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eafd83b92f6c044007a3591cbd476bcf90455990"
},
{
"url": "https://git.kernel.org/stable/c/5030d4c798863ccb266563201b341a099e8cdd48"
},
{
"url": "https://git.kernel.org/stable/c/c6a8111aacbfe7a8a70f46cc0de8eed00561693c"
},
{
"url": "https://git.kernel.org/stable/c/26cc6d7006f922df6cc4389248032d955750b2a0"
},
{
"url": "https://git.kernel.org/stable/c/aa8aa16ed9adf1df05bb339d588cf485a011839e"
},
{
"url": "https://git.kernel.org/stable/c/ecabe8cd456d3bf81e92c53b074732f3140f170d"
},
{
"url": "https://git.kernel.org/stable/c/6822a14271786150e178869f1495cc03e74c5029"
},
{
"url": "https://git.kernel.org/stable/c/78aafb3884f6bc6636efcc1760c891c8500b9922"
}
],
"title": "hwrng: core - Fix page fault dead lock on mmap-ed hwrng",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52615",
"datePublished": "2024-03-18T10:14:45.503Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:56.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26645 (GCVE-0-2024-26645)
Vulnerability from cvelistv5
Published
2024-03-26 15:17
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tracing: Ensure visibility when inserting an element into tracing_map
Running the following two commands in parallel on a multi-processor
AArch64 machine can sporadically produce an unexpected warning about
duplicate histogram entries:
$ while true; do
echo hist:key=id.syscall:val=hitcount > \
/sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger
cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist
sleep 0.001
done
$ stress-ng --sysbadaddr $(nproc)
The warning looks as follows:
[ 2911.172474] ------------[ cut here ]------------
[ 2911.173111] Duplicates detected: 1
[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408
[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)
[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1
[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01
[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018
[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408
[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408
[ 2911.185310] sp : ffff8000a1513900
[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001
[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008
[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180
[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff
[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8
[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731
[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c
[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8
[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000
[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480
[ 2911.194259] Call trace:
[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408
[ 2911.195220] hist_show+0x124/0x800
[ 2911.195692] seq_read_iter+0x1d4/0x4e8
[ 2911.196193] seq_read+0xe8/0x138
[ 2911.196638] vfs_read+0xc8/0x300
[ 2911.197078] ksys_read+0x70/0x108
[ 2911.197534] __arm64_sys_read+0x24/0x38
[ 2911.198046] invoke_syscall+0x78/0x108
[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8
[ 2911.199157] do_el0_svc+0x28/0x40
[ 2911.199613] el0_svc+0x40/0x178
[ 2911.200048] el0t_64_sync_handler+0x13c/0x158
[ 2911.200621] el0t_64_sync+0x1a8/0x1b0
[ 2911.201115] ---[ end trace 0000000000000000 ]---
The problem appears to be caused by CPU reordering of writes issued from
__tracing_map_insert().
The check for the presence of an element with a given key in this
function is:
val = READ_ONCE(entry->val);
if (val && keys_match(key, val->key, map->key_size)) ...
The write of a new entry is:
elt = get_free_elt(map);
memcpy(elt->key, key, map->key_size);
entry->val = elt;
The "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;"
stores may become visible in the reversed order on another CPU. This
second CPU might then incorrectly determine that a new key doesn't match
an already present val->key and subse
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef Version: c193707dde77ace92a649cd59a17e105e2fbeaef |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:23:28.207860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:27.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/trace/tracing_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5022b331c041e8c54b9a6a3251579bd1e8c0fc0b",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "dad9b28f675ed99b4dec261db2a397efeb80b74c",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "ef70dfa0b1e5084f32635156c9a5c795352ad860",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "aef1cb00856ccfd614467cfb50b791278992e177",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "f4f7e696db0274ff560482cc52eddbf0551d4b7a",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "bf4aeff7da85c3becd39fb73bac94122331c30fb",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
},
{
"lessThan": "2b44760609e9eaafc9d234a6883d042fc21132a7",
"status": "affected",
"version": "c193707dde77ace92a649cd59a17e105e2fbeaef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/trace/tracing_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Ensure visibility when inserting an element into tracing_map\n\nRunning the following two commands in parallel on a multi-processor\nAArch64 machine can sporadically produce an unexpected warning about\nduplicate histogram entries:\n\n $ while true; do\n echo hist:key=id.syscall:val=hitcount \u003e \\\n /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger\n cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist\n sleep 0.001\n done\n $ stress-ng --sysbadaddr $(nproc)\n\nThe warning looks as follows:\n\n[ 2911.172474] ------------[ cut here ]------------\n[ 2911.173111] Duplicates detected: 1\n[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408\n[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)\n[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1\n[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01\n[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018\n[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.185310] sp : ffff8000a1513900\n[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001\n[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008\n[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180\n[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff\n[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8\n[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731\n[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c\n[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8\n[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000\n[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480\n[ 2911.194259] Call trace:\n[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408\n[ 2911.195220] hist_show+0x124/0x800\n[ 2911.195692] seq_read_iter+0x1d4/0x4e8\n[ 2911.196193] seq_read+0xe8/0x138\n[ 2911.196638] vfs_read+0xc8/0x300\n[ 2911.197078] ksys_read+0x70/0x108\n[ 2911.197534] __arm64_sys_read+0x24/0x38\n[ 2911.198046] invoke_syscall+0x78/0x108\n[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8\n[ 2911.199157] do_el0_svc+0x28/0x40\n[ 2911.199613] el0_svc+0x40/0x178\n[ 2911.200048] el0t_64_sync_handler+0x13c/0x158\n[ 2911.200621] el0t_64_sync+0x1a8/0x1b0\n[ 2911.201115] ---[ end trace 0000000000000000 ]---\n\nThe problem appears to be caused by CPU reordering of writes issued from\n__tracing_map_insert().\n\nThe check for the presence of an element with a given key in this\nfunction is:\n\n val = READ_ONCE(entry-\u003eval);\n if (val \u0026\u0026 keys_match(key, val-\u003ekey, map-\u003ekey_size)) ...\n\nThe write of a new entry is:\n\n elt = get_free_elt(map);\n memcpy(elt-\u003ekey, key, map-\u003ekey_size);\n entry-\u003eval = elt;\n\nThe \"memcpy(elt-\u003ekey, key, map-\u003ekey_size);\" and \"entry-\u003eval = elt;\"\nstores may become visible in the reversed order on another CPU. This\nsecond CPU might then incorrectly determine that a new key doesn\u0027t match\nan already present val-\u003ekey and subse\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:59.583Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5022b331c041e8c54b9a6a3251579bd1e8c0fc0b"
},
{
"url": "https://git.kernel.org/stable/c/dad9b28f675ed99b4dec261db2a397efeb80b74c"
},
{
"url": "https://git.kernel.org/stable/c/ef70dfa0b1e5084f32635156c9a5c795352ad860"
},
{
"url": "https://git.kernel.org/stable/c/aef1cb00856ccfd614467cfb50b791278992e177"
},
{
"url": "https://git.kernel.org/stable/c/f4f7e696db0274ff560482cc52eddbf0551d4b7a"
},
{
"url": "https://git.kernel.org/stable/c/a1eebe76e187dbe11ca299f8dbb6e45d5b1889e7"
},
{
"url": "https://git.kernel.org/stable/c/bf4aeff7da85c3becd39fb73bac94122331c30fb"
},
{
"url": "https://git.kernel.org/stable/c/2b44760609e9eaafc9d234a6883d042fc21132a7"
}
],
"title": "tracing: Ensure visibility when inserting an element into tracing_map",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26645",
"datePublished": "2024-03-26T15:17:18.203Z",
"dateReserved": "2024-02-19T14:20:24.138Z",
"dateUpdated": "2025-05-04T08:52:59.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26778 (GCVE-0-2024-26778)
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fbdev: savage: Error out if pixclock equals zero
The userspace program could pass any values to the driver through
ioctl() interface. If the driver doesn't check the value of pixclock,
it may cause divide-by-zero error.
Although pixclock is checked in savagefb_decode_var(), but it is not
checked properly in savagefb_probe(). Fix this by checking whether
pixclock is zero in the function savagefb_check_var() before
info->var.pixclock is used as the divisor.
This is similar to CVE-2022-3061 in i740fb which was fixed by
commit 15cf0b8.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:06:44.068367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:06:55.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "224453de8505aede1890f007be973925a3edf6a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "070398d32c5f3ab0e890374904ad94551c76aec4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:17.963Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1"
},
{
"url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff"
},
{
"url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24"
},
{
"url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1"
},
{
"url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4"
},
{
"url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13"
},
{
"url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01"
},
{
"url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288"
}
],
"title": "fbdev: savage: Error out if pixclock equals zero",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26778",
"datePublished": "2024-04-03T17:01:08.782Z",
"dateReserved": "2024-02-19T14:20:24.177Z",
"dateUpdated": "2025-05-04T08:56:17.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26754 (GCVE-0-2024-26754)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
The gtp_net_ops pernet operations structure for the subsystem must be
registered before registering the generic netlink family.
Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug:
general protection fault, probably for non-canonical address
0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014
RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]
Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86
df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80>
3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74
RSP: 0018:ffff888014107220 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000
FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? show_regs+0x90/0xa0
? die_addr+0x50/0xd0
? exc_general_protection+0x148/0x220
? asm_exc_general_protection+0x22/0x30
? gtp_genl_dump_pdp+0x1be/0x800 [gtp]
? __alloc_skb+0x1dd/0x350
? __pfx___alloc_skb+0x10/0x10
genl_dumpit+0x11d/0x230
netlink_dump+0x5b9/0xce0
? lockdep_hardirqs_on_prepare+0x253/0x430
? __pfx_netlink_dump+0x10/0x10
? kasan_save_track+0x10/0x40
? __kasan_kmalloc+0x9b/0xa0
? genl_start+0x675/0x970
__netlink_dump_start+0x6fc/0x9f0
genl_family_rcv_msg_dumpit+0x1bb/0x2d0
? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
? genl_op_from_small+0x2a/0x440
? cap_capable+0x1d0/0x240
? __pfx_genl_start+0x10/0x10
? __pfx_genl_dumpit+0x10/0x10
? __pfx_genl_done+0x10/0x10
? security_capable+0x9d/0xe0
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 Version: 459aa660eb1d8ce67080da1983bb81d716aa5a69 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:37.587111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:15.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f0ecdfa679189d26aedfe24212d4e69e42c2c861",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "f8cbd1791900b5d96466eede8e9439a5b9ca4de7",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "2e534fd15e5c2ca15821c897352cf0e8a3e30dca",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "a576308800be28f2eaa099e7caad093b97d66e77",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "3963f16cc7643b461271989b712329520374ad2a",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "ba6b8b02a3314e62571a540efa96560888c5f03e",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "5013bd54d283eda5262c9ae3bcc966d01daf8576",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
},
{
"lessThan": "136cfaca22567a03bbb3bf53a43d8cb5748b80ec",
"status": "affected",
"version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/gtp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.308",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.308",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\n\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? __kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:45.919Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861"
},
{
"url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7"
},
{
"url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca"
},
{
"url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77"
},
{
"url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a"
},
{
"url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e"
},
{
"url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576"
},
{
"url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec"
}
],
"title": "gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26754",
"datePublished": "2024-04-03T17:00:39.079Z",
"dateReserved": "2024-02-19T14:20:24.170Z",
"dateUpdated": "2025-05-04T08:55:45.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52595 (GCVE-0-2023-52595)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: rt2x00: restart beacon queue when hardware reset
When a hardware reset is triggered, all registers are reset, so all
queues are forced to stop in hardware interface. However, mac80211
will not automatically stop the queue. If we don't manually stop the
beacon queue, the queue will be deadlocked and unable to start again.
This patch fixes the issue where Apple devices cannot connect to the
AP after calling ieee80211_restart_hw().
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52595",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:31:56.163263Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:17.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e1f113b57ddd18274d7c83618deca25cc880bc48",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "69e905beca193125820c201ab3db4fb0e245124e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4cc198580a7b93a36f5beb923f40f7ae27a3716c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "739b3ccd9486dff04af95f9a890846d088a84957",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "04cfe4a5da57ab9358cdfadea22bcb37324aaf83",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fdb580ed05df8973aa5149cafa598c64bebcd0cb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a11d965a218f0cd95b13fe44d0bcd8a20ce134a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ralink/rt2x00/rt2x00dev.c",
"drivers/net/wireless/ralink/rt2x00/rt2x00mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rt2x00: restart beacon queue when hardware reset\n\nWhen a hardware reset is triggered, all registers are reset, so all\nqueues are forced to stop in hardware interface. However, mac80211\nwill not automatically stop the queue. If we don\u0027t manually stop the\nbeacon queue, the queue will be deadlocked and unable to start again.\nThis patch fixes the issue where Apple devices cannot connect to the\nAP after calling ieee80211_restart_hw()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:26.412Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48"
},
{
"url": "https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e"
},
{
"url": "https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c"
},
{
"url": "https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957"
},
{
"url": "https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83"
},
{
"url": "https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb"
},
{
"url": "https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8"
}
],
"title": "wifi: rt2x00: restart beacon queue when hardware reset",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52595",
"datePublished": "2024-03-06T06:45:25.577Z",
"dateReserved": "2024-03-02T21:55:42.571Z",
"dateUpdated": "2025-05-04T07:39:26.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51780 (GCVE-0-2023-51780)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240419-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T07:06:01.941453",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/torvalds/linux/commit/24e90b9e34f9e039f56b5f25f6e6eb92cdd8f4b3"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51780",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-25T00:00:00",
"dateUpdated": "2024-08-02T22:48:11.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6121 (GCVE-0-2023-6121)
Vulnerability from cvelistv5
Published
2023-11-16 14:45
Modified
2025-07-23 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-553.rt7.342.el8_10 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T13:58:01.737027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:58:09.509Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6121"
},
{
"name": "RHBZ#2250043",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.rt7.342.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-553.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-427.13.1.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Alon Zahavi for reporting this issue."
}
],
"datePublic": "2023-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T21:51:55.280Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2394",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2394"
},
{
"name": "RHSA-2024:2950",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2950"
},
{
"name": "RHSA-2024:3138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3138"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6121"
},
{
"name": "RHBZ#2250043",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250043"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-12T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-06T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get",
"workarounds": [
{
"lang": "en",
"value": "This flaw can be mitigated by explicitly setting the kernel parameter to restrict unprivileged users from using dmesg:\n```\nsudo sysctl -w kernel.dmesg_restrict=1\n```\nTo make it persistent between system reboots:\n```\necho \u0027kernel.dmesg_restrict=1\u0027 | sudo tee -a /etc/sysctl.conf\n```"
}
],
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6121",
"datePublished": "2023-11-16T14:45:38.430Z",
"dateReserved": "2023-11-14T10:18:51.337Z",
"dateUpdated": "2025-07-23T21:51:55.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52789 (GCVE-0-2023-52789)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: vcc: Add check for kstrdup() in vcc_probe()
Add check for the return value of kstrdup() and return the error, if it
fails in order to avoid NULL pointer dereference.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T17:26:54.599134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:29.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:35.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/vcc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "38cd56fc9de78bf3c878790785e8c231116ef9d3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "909963e0c16778cec28efb1affc21558825f4200",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "460284dfb10b207980c6f3f7046e33446ceb38ac",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c80f48912b5bd4965352d1a9a989e21743a4a06",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7cebc86481bf16049e266f6774d90f2fd4f8d5d2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a24a31826246b15477399febd13292b0c9f0ee9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8f8771757b130383732195497e47fba2aba76d3a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d81ffb87aaa75f842cd7aa57091810353755b3e6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/vcc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: vcc: Add check for kstrdup() in vcc_probe()\n\nAdd check for the return value of kstrdup() and return the error, if it\nfails in order to avoid NULL pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:14.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3"
},
{
"url": "https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200"
},
{
"url": "https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac"
},
{
"url": "https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc"
},
{
"url": "https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06"
},
{
"url": "https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2"
},
{
"url": "https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9"
},
{
"url": "https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a"
},
{
"url": "https://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6"
}
],
"title": "tty: vcc: Add check for kstrdup() in vcc_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52789",
"datePublished": "2024-05-21T15:31:05.616Z",
"dateReserved": "2024-05-21T15:19:24.241Z",
"dateUpdated": "2025-05-04T07:43:14.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51781 (GCVE-0-2023-51781)
Vulnerability from cvelistv5
Published
2023-12-25 00:00
Modified
2024-08-02 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:48:11.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T21:06:24.776598",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.8"
},
{
"url": "https://github.com/torvalds/linux/commit/189ff16722ee36ced4d2a2469d4ab65a8fee4198"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"name": "[debian-lts-announce] 20240111 [SECURITY] [DLA 3711-1] linux-5.10 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51781",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-12-25T00:00:00",
"dateUpdated": "2024-08-02T22:48:11.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26696 (GCVE-0-2024-26696)
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
Syzbot reported a hang issue in migrate_pages_batch() called by mbind()
and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.
While migrate_pages_batch() locks a folio and waits for the writeback to
complete, the log writer thread that should bring the writeback to
completion picks up the folio being written back in
nilfs_lookup_dirty_data_buffers() that it calls for subsequent log
creation and was trying to lock the folio. Thus causing a deadlock.
In the first place, it is unexpected that folios/pages in the middle of
writeback will be updated and become dirty. Nilfs2 adds a checksum to
verify the validity of the log being written and uses it for recovery at
mount, so data changes during writeback are suppressed. Since this is
broken, an unclean shutdown could potentially cause recovery to fail.
Investigation revealed that the root cause is that the wait for writeback
completion in nilfs_page_mkwrite() is conditional, and if the backing
device does not require stable writes, data may be modified without
waiting.
Fix these issues by making nilfs_page_mkwrite() wait for writeback to
finish regardless of the stable write requirement of the backing device.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 Version: 1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:53.851812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:30.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "228742b2ddfb99dfd71e5a307e6088ab6836272e",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "862ee4422c38be5c249844a684b00d0dbe9d1e46",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "98a4026b22ff440c7f47056481bcbbe442f607d6",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "7e9b622bd0748cc104d66535b76d9b3535f9dc0f",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "8494ba2c9ea00a54d5b50e69b22c55a8958bce32",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "ea5ddbc11613b55e5128c85f57b08f907abd9b28",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "e38585401d464578d30f5868ff4ca54475c34f7d",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
},
{
"lessThan": "38296afe3c6ee07319e01bb249aa4bb47c07b534",
"status": "affected",
"version": "1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nilfs2/file.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\n\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\n\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\n\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\n\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\n\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:16.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e"
},
{
"url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46"
},
{
"url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6"
},
{
"url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f"
},
{
"url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32"
},
{
"url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28"
},
{
"url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d"
},
{
"url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534"
}
],
"title": "nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26696",
"datePublished": "2024-04-03T14:54:56.926Z",
"dateReserved": "2024-02-19T14:20:24.156Z",
"dateUpdated": "2025-05-04T08:54:16.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52433 (GCVE-0-2023-52433)
Vulnerability from cvelistv5
Published
2024-02-20 12:52
Modified
2025-05-04 12:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in this transaction might expired before such transaction
ends. Skip sync GC for such elements otherwise commit path might walk
over an already released object. Once transaction is finished, async GC
will collect such expired element.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: cb4d00b563675ba8ff6ef94b077f58d816f68ba3 Version: c357648929c8dff891502349769aafb8f0452bc2 Version: 146c76866795553dbc19998f36718d7986ad302b Version: 479a2cf5259347d6a1f658b0f791d27a34908e91 Version: df650d6a4bf47248261b61ef6b174d7c54034d15 Version: f6c383b8c31a93752a52697f8430a71dcbc46adf Version: f6c383b8c31a93752a52697f8430a71dcbc46adf Version: e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:13:28.886659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-273",
"description": "CWE-273 Improper Check for Dropped Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:23:39.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-28T15:02:46.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240828-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9db9feb841f7449772f9393c16b9ef4536d8c127",
"status": "affected",
"version": "cb4d00b563675ba8ff6ef94b077f58d816f68ba3",
"versionType": "git"
},
{
"lessThan": "03caf75da1059f0460666c826e9f50e13dfd0017",
"status": "affected",
"version": "c357648929c8dff891502349769aafb8f0452bc2",
"versionType": "git"
},
{
"lessThan": "c323ed65f66e5387ee0a73452118d49f1dae81b8",
"status": "affected",
"version": "146c76866795553dbc19998f36718d7986ad302b",
"versionType": "git"
},
{
"lessThan": "9af7dfb3c9d7985172a240f85e684c5cd33e29ce",
"status": "affected",
"version": "479a2cf5259347d6a1f658b0f791d27a34908e91",
"versionType": "git"
},
{
"lessThan": "9a8c544158f68f656d1734eb5ba00c4f817b76b1",
"status": "affected",
"version": "df650d6a4bf47248261b61ef6b174d7c54034d15",
"versionType": "git"
},
{
"lessThan": "e3213ff99a355cda811b41e8dbb3472d13167a3a",
"status": "affected",
"version": "f6c383b8c31a93752a52697f8430a71dcbc46adf",
"versionType": "git"
},
{
"lessThan": "2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4",
"status": "affected",
"version": "f6c383b8c31a93752a52697f8430a71dcbc46adf",
"versionType": "git"
},
{
"status": "affected",
"version": "e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_rbtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:48:59.453Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127"
},
{
"url": "https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017"
},
{
"url": "https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8"
},
{
"url": "https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd33e29ce"
},
{
"url": "https://git.kernel.org/stable/c/9a8c544158f68f656d1734eb5ba00c4f817b76b1"
},
{
"url": "https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a"
},
{
"url": "https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4"
}
],
"title": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52433",
"datePublished": "2024-02-20T12:52:56.753Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2025-05-04T12:48:59.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52855 (GCVE-0-2023-52855)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without
holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
spin_lock_irqsave(&hsotg->lock, flags);
...
if (!urb->hcpriv) {
dev_dbg(hsotg->dev, "## urb->hcpriv is NULL ##\n");
goto out;
}
rc = dwc2_hcd_urb_dequeue(hsotg, urb->hcpriv); // Use urb->hcpriv
...
out:
spin_unlock_irqrestore(&hsotg->lock, flags);
When _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are
concurrently executed, the NULL check of "urb->hcpriv" can be executed
before "urb->hcpriv = NULL". After urb->hcpriv is NULL, it can be used
in the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL
pointer dereference.
This possible bug is found by an experimental static analysis tool
developed by myself. This tool analyzes the locking APIs to extract
function pairs that can be concurrently executed, and then analyzes the
instructions in the paired functions to identify possible concurrency
bugs including data races and atomicity violations. The above possible
bug is reported, when my tool analyzes the source code of Linux 6.5.
To fix this possible bug, "urb->hcpriv = NULL" should be executed with
holding the lock "hsotg->lock". After using this patch, my tool never
reports the possible bug, with the kernelconfiguration allyesconfig for
x86_64. Because I have no associated hardware, I cannot test the patch
in runtime testing, and just verify it according to the code logic.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f Version: 33ad261aa62be02f0cedeb4d5735cc726de84a3f |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T17:15:57.421865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T14:51:47.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "14c9ec34e8118fbffd7f5431814d767726323e72",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "fed492aa6493a91a77ebd51da6fb939c98d94a0d",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "64c47749fc7507ed732e155c958253968c1d275e",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "bdb3dd4096302d6b87441fdc528439f171b04be6",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "fcaafb574fc88a52dce817f039f7ff2f9da38001",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "6b21a22728852d020a6658d39cd7bb7e14b07790",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "3e851a77a13ce944d703721793f49ee82622986d",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "a7bee9598afb38004841a41dd8fe68c1faff4e90",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
},
{
"lessThan": "ef307bc6ef04e8c1ea843231db58e3afaafa9fa6",
"status": "affected",
"version": "33ad261aa62be02f0cedeb4d5735cc726de84a3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/dwc2/hcd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.330",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.330",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: fix possible NULL pointer dereference caused by driver concurrency\n\nIn _dwc2_hcd_urb_enqueue(), \"urb-\u003ehcpriv = NULL\" is executed without\nholding the lock \"hsotg-\u003elock\". In _dwc2_hcd_urb_dequeue():\n\n spin_lock_irqsave(\u0026hsotg-\u003elock, flags);\n ...\n\tif (!urb-\u003ehcpriv) {\n\t\tdev_dbg(hsotg-\u003edev, \"## urb-\u003ehcpriv is NULL ##\\n\");\n\t\tgoto out;\n\t}\n rc = dwc2_hcd_urb_dequeue(hsotg, urb-\u003ehcpriv); // Use urb-\u003ehcpriv\n ...\nout:\n spin_unlock_irqrestore(\u0026hsotg-\u003elock, flags);\n\nWhen _dwc2_hcd_urb_enqueue() and _dwc2_hcd_urb_dequeue() are\nconcurrently executed, the NULL check of \"urb-\u003ehcpriv\" can be executed\nbefore \"urb-\u003ehcpriv = NULL\". After urb-\u003ehcpriv is NULL, it can be used\nin the function call to dwc2_hcd_urb_dequeue(), which can cause a NULL\npointer dereference.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by myself. This tool analyzes the locking APIs to extract\nfunction pairs that can be concurrently executed, and then analyzes the\ninstructions in the paired functions to identify possible concurrency\nbugs including data races and atomicity violations. The above possible\nbug is reported, when my tool analyzes the source code of Linux 6.5.\n\nTo fix this possible bug, \"urb-\u003ehcpriv = NULL\" should be executed with\nholding the lock \"hsotg-\u003elock\". After using this patch, my tool never\nreports the possible bug, with the kernelconfiguration allyesconfig for\nx86_64. Because I have no associated hardware, I cannot test the patch\nin runtime testing, and just verify it according to the code logic."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:44:23.557Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72"
},
{
"url": "https://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d"
},
{
"url": "https://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e"
},
{
"url": "https://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6"
},
{
"url": "https://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001"
},
{
"url": "https://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790"
},
{
"url": "https://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d"
},
{
"url": "https://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90"
},
{
"url": "https://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6"
}
],
"title": "usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52855",
"datePublished": "2024-05-21T15:31:49.909Z",
"dateReserved": "2024-05-21T15:19:24.257Z",
"dateUpdated": "2025-05-04T07:44:23.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26704 (GCVE-0-2024-26704)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix double-free of blocks due to wrong extents moved_len
In ext4_move_extents(), moved_len is only updated when all moves are
successfully executed, and only discards orig_inode and donor_inode
preallocations when moved_len is not zero. When the loop fails to exit
after successfully moving some extents, moved_len is not updated and
remains at 0, so it does not discard the preallocations.
If the moved extents overlap with the preallocated extents, the
overlapped extents are freed twice in ext4_mb_release_inode_pa() and
ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4:
Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is
incremented twice. Hence when trim is executed, a zero-division bug is
triggered in mb_update_avg_fragment_size() because bb_free is not zero
and bb_fragments is zero.
Therefore, update move_len after each extent move to avoid the issue.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a Version: fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:52:39.832740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4fbb89d722cbb16beaaea234b7230faaaf68c71",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "afbcad9ae7d6d11608399188f03a837451b6b3a1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "d033a555d9a1cf53dbf3301af7199cc4a4c8f537",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "afba9d11320dad5ce222ac8964caf64b7b4bedb1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "2883940b19c38d5884c8626483811acf4d7e148f",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "559ddacb90da1d8786dd8ec4fd76bbfa404eaef6",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
},
{
"lessThan": "55583e899a5357308274601364741a83e78d6ac4",
"status": "affected",
"version": "fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/move_extent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double-free of blocks due to wrong extents moved_len\n\nIn ext4_move_extents(), moved_len is only updated when all moves are\nsuccessfully executed, and only discards orig_inode and donor_inode\npreallocations when moved_len is not zero. When the loop fails to exit\nafter successfully moving some extents, moved_len is not updated and\nremains at 0, so it does not discard the preallocations.\n\nIf the moved extents overlap with the preallocated extents, the\noverlapped extents are freed twice in ext4_mb_release_inode_pa() and\next4_process_freed_data() (as described in commit 94d7c16cbbbd (\"ext4:\nFix double-free of blocks with EXT4_IOC_MOVE_EXT\")), and bb_free is\nincremented twice. Hence when trim is executed, a zero-division bug is\ntriggered in mb_update_avg_fragment_size() because bb_free is not zero\nand bb_fragments is zero.\n\nTherefore, update move_len after each extent move to avoid the issue."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:27.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71"
},
{
"url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1"
},
{
"url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537"
},
{
"url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1"
},
{
"url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1"
},
{
"url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f"
},
{
"url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6"
},
{
"url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4"
}
],
"title": "ext4: fix double-free of blocks due to wrong extents moved_len",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26704",
"datePublished": "2024-04-03T14:55:02.672Z",
"dateReserved": "2024-02-19T14:20:24.158Z",
"dateUpdated": "2025-05-04T08:54:27.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26804 (GCVE-0-2024-26804)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: ip_tunnel: prevent perpetual headroom growth
syzkaller triggered following kasan splat:
BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191
[..]
kasan_report+0xda/0x110 mm/kasan/report.c:588
__skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170
skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]
___skb_get_hash net/core/flow_dissector.c:1791 [inline]
__skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856
skb_get_hash include/linux/skbuff.h:1556 [inline]
ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748
ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
__dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592
...
ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235
ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323
..
iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831
ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665
__netdev_start_xmit include/linux/netdevice.h:4940 [inline]
netdev_start_xmit include/linux/netdevice.h:4954 [inline]
xmit_one net/core/dev.c:3548 [inline]
dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564
...
The splat occurs because skb->data points past skb->head allocated area.
This is because neigh layer does:
__skb_pull(skb, skb_network_offset(skb));
... but skb_network_offset() returns a negative offset and __skb_pull()
arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value.
The negative value is returned because skb->head and skb->data distance is
more than 64k and skb->network_header (u16) has wrapped around.
The bug is in the ip_tunnel infrastructure, which can cause
dev->needed_headroom to increment ad infinitum.
The syzkaller reproducer consists of packets getting routed via a gre
tunnel, and route of gre encapsulated packets pointing at another (ipip)
tunnel. The ipip encapsulation finds gre0 as next output device.
This results in the following pattern:
1). First packet is to be sent out via gre0.
Route lookup found an output device, ipip0.
2).
ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future
output device, rt.dev->needed_headroom (ipip0).
3).
ip output / start_xmit moves skb on to ipip0. which runs the same
code path again (xmit recursion).
4).
Routing step for the post-gre0-encap packet finds gre0 as output device
to use for ipip0 encapsulated packet.
tunl0->needed_headroom is then incremented based on the (already bumped)
gre0 device headroom.
This repeats for every future packet:
gre0->needed_headroom gets inflated because previous packets' ipip0 step
incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0
needed_headroom was increased.
For each subsequent packet, gre/ipip0->needed_headroom grows until
post-expand-head reallocations result in a skb->head/data distance of
more than 64k.
Once that happens, skb->network_header (u16) wraps around when
pskb_expand_head tries to make sure that skb_network_offset() is unchanged
after the headroom expansion/reallocation.
After this skb_network_offset(skb) returns a different (and negative)
result post headroom expansion.
The next trip to neigh layer (or anything else that would __skb_pull the
network header) makes skb->data point to a memory location outside
skb->head area.
v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to
prevent perpetual increase instead of dropping the headroom increment
completely.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 243aad830e8a4cdda261626fbaeddde16b08d04a Version: 03017375b0122453e6dda833ff7bd4191915def5 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:26:17.359512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:40:15.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f81e94d2dcd2397137edcb8b85f4c5bed5d22383",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "2e95350fe9db9d53c701075060ac8ac883b68aee",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "afec0c5cd2ed71ca95a8b36a5e6d03333bf34282",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "ab63de24ebea36fe73ac7121738595d704b66d96",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "049d7989c67e8dd50f07a2096dbafdb41331fb9b",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"lessThan": "5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f",
"status": "affected",
"version": "243aad830e8a4cdda261626fbaeddde16b08d04a",
"versionType": "git"
},
{
"status": "affected",
"version": "03017375b0122453e6dda833ff7bd4191915def5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_tunnel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.33.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb-\u003edata points past skb-\u003ehead allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb-\u003edata gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb-\u003ehead and skb-\u003edata distance is\nmore than 64k and skb-\u003enetwork_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev-\u003eneeded_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0-\u003eneeded_headroom based on the future\noutput device, rt.dev-\u003eneeded_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0-\u003eneeded_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0-\u003eneeded_headroom gets inflated because previous packets\u0027 ipip0 step\nincremented rt-\u003edev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0-\u003eneeded_headroom grows until\npost-expand-head reallocations result in a skb-\u003ehead/data distance of\nmore than 64k.\n\nOnce that happens, skb-\u003enetwork_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb-\u003edata point to a memory location outside\nskb-\u003ehead area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:46.707Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383"
},
{
"url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee"
},
{
"url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282"
},
{
"url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96"
},
{
"url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9"
},
{
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b"
},
{
"url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f"
}
],
"title": "net: ip_tunnel: prevent perpetual headroom growth",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26804",
"datePublished": "2024-04-04T08:20:31.305Z",
"dateReserved": "2024-02-19T14:20:24.179Z",
"dateUpdated": "2025-05-04T12:54:46.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26835 (GCVE-0-2024-26835)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 Version: e10f661adc556c4969c70ddaddf238bffdaf1e87 Version: d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 Version: 179d9ba5559a756f4322583388b3213fe4e391b0 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:51.357992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:28.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a6411f3c48f991c19aaf9a24fce36865fbba28d7",
"status": "affected",
"version": "bf8083bbf8fa202e6e5316bbd99759ab82bfe7a3",
"versionType": "git"
},
{
"lessThan": "ae4360cbd385f0d7a8a86d5723e50448cc6318f3",
"status": "affected",
"version": "e10f661adc556c4969c70ddaddf238bffdaf1e87",
"versionType": "git"
},
{
"lessThan": "31ea574aeca1aa488e18716459bde057217637af",
"status": "affected",
"version": "d9c4da8cb74e8ee6e58a064a3573aa37acf6c935",
"versionType": "git"
},
{
"lessThan": "664264a5c55bf97a9c571c557d477b75416199be",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "0c9302a6da262e6ab6a6c1d30f04a6130ed97376",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "f2135bbf14949687e96cabb13d8a91ae3deb9069",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "6f2496366426cec18ba53f1c7f6c3ac307ca6a95",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
},
{
"lessThan": "bccebf64701735533c8db37773eeacc6566cc8ec",
"status": "affected",
"version": "179d9ba5559a756f4322583388b3213fe4e391b0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.10.202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:35.908Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7"
},
{
"url": "https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3"
},
{
"url": "https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af"
},
{
"url": "https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be"
},
{
"url": "https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376"
},
{
"url": "https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069"
},
{
"url": "https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95"
},
{
"url": "https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec"
}
],
"title": "netfilter: nf_tables: set dormant flag on hook register failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26835",
"datePublished": "2024-04-17T10:10:02.907Z",
"dateReserved": "2024-02-19T14:20:24.181Z",
"dateUpdated": "2025-05-04T08:57:35.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6932 (GCVE-0-2023-6932)
Vulnerability from cvelistv5
Published
2023-12-19 14:09
Modified
2025-02-13 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.
A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.
We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Kernel",
"repo": "https://git.kernel.org",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.7",
"status": "affected",
"version": "2.6.12",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-24T15:25:56.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-08T16:06:01.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"url": "https://kernel.dance/e2b706c691905fe78468c361aaabc719d0a496f1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"
},
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-after-free in Linux kernel\u0027s ipv4: igmp component",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2023-6932",
"datePublished": "2023-12-19T14:09:15.662Z",
"dateReserved": "2023-12-18T20:14:26.281Z",
"dateUpdated": "2025-02-13T17:27:00.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6040 (GCVE-0-2023-6040)
Vulnerability from cvelistv5
Published
2024-01-12 01:37
Modified
2025-06-17 21:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Linux Kernel Organization | linux |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T16:55:56.231770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:09:18.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "linux",
"platforms": [
"Linux"
],
"product": "linux",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git",
"vendor": "The Linux Kernel Organization",
"versions": [
{
"lessThan": "5.18-rc1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lin Ma from Ant Security Light-Year Lab \u0026 ZJU"
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:12:45.871Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6040"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/12/1"
},
{
"url": "http://packetstormsecurity.com/files/177029/Kernel-Live-Patch-Security-Notice-LSN-0100-1.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)",
"workarounds": [
{
"lang": "en",
"value": "Disabling unprivileged user namespaces mitigates the issue."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-6040",
"datePublished": "2024-01-12T01:37:45.387Z",
"dateReserved": "2023-11-08T20:12:50.288Z",
"dateUpdated": "2025-06-17T21:09:18.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26635 (GCVE-0-2024-26635)
Vulnerability from cvelistv5
Published
2024-03-18 10:14
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: Drop support for ETH_P_TR_802_2.
syzbot reported an uninit-value bug below. [0]
llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2
(0x0011), and syzbot abused the latter to trigger the bug.
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)
llc_conn_handler() initialises local variables {saddr,daddr}.mac
based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes
them to __llc_lookup().
However, the initialisation is done only when skb->protocol is
htons(ETH_P_802_2), otherwise, __llc_lookup_established() and
__llc_lookup_listener() will read garbage.
The missing initialisation existed prior to commit 211ed865108e
("net: delete all instances of special processing for token ring").
It removed the part to kick out the token ring stuff but forgot to
close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().
Let's remove llc_tr_packet_type and complete the deprecation.
[0]:
BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90
__llc_lookup_established+0xe9d/0xf90
__llc_lookup net/llc/llc_conn.c:611 [inline]
llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
__netif_receive_skb_one_core net/core/dev.c:5527 [inline]
__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641
netif_receive_skb_internal net/core/dev.c:5727 [inline]
netif_receive_skb+0x58/0x660 net/core/dev.c:5786
tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
call_write_iter include/linux/fs.h:2020 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x8ef/0x1490 fs/read_write.c:584
ksys_write+0x20f/0x4c0 fs/read_write.c:637
__do_sys_write fs/read_write.c:649 [inline]
__se_sys_write fs/read_write.c:646 [inline]
__x64_sys_write+0x93/0xd0 fs/read_write.c:646
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Local variable daddr created at:
llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783
llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206
CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 Version: 211ed865108e24697b44bee5daac502ee6bdd4a4 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:55:09.935989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:17.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/llc_pdu.h",
"net/llc/llc_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "165ad1e22779685c3ed3dd349c6c4c632309cc62",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "b8e8838f82f332ae80c643dbb1ca4418d0628097",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "9ccdef19cf9497c2803b005369668feb91cacdfd",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "660c3053d992b68fee893a0e9ec9159228cffdc6",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "f1f34a515fb1e25e85dee94f781e7869ae351fb8",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "df57fc2f2abf548aa889a36ab0bdcc94a75399dc",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
},
{
"lessThan": "e3f9bed9bee261e3347131764e42aeedf1ffea61",
"status": "affected",
"version": "211ed865108e24697b44bee5daac502ee6bdd4a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/llc_pdu.h",
"net/llc/llc_core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.5"
},
{
"lessThan": "3.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: Drop support for ETH_P_TR_802_2.\n\nsyzbot reported an uninit-value bug below. [0]\n\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\n\n write$tun(r0, \u0026(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, \u0027)\u0027, \"90e5dd\"}}}}, 0x16)\n\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\n\nHowever, the initialisation is done only when skb-\u003eprotocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\n\nThe missing initialisation existed prior to commit 211ed865108e\n(\"net: delete all instances of special processing for token ring\").\n\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\n\nLet\u0027s remove llc_tr_packet_type and complete the deprecation.\n\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:47.059Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62"
},
{
"url": "https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097"
},
{
"url": "https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd"
},
{
"url": "https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828"
},
{
"url": "https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6"
},
{
"url": "https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8"
},
{
"url": "https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc"
},
{
"url": "https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61"
}
],
"title": "llc: Drop support for ETH_P_TR_802_2.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26635",
"datePublished": "2024-03-18T10:14:47.213Z",
"dateReserved": "2024-02-19T14:20:24.136Z",
"dateUpdated": "2025-05-04T08:52:47.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26679 (GCVE-0-2024-26679)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 12:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
inet: read sk->sk_family once in inet_recv_error()
inet_recv_error() is called without holding the socket lock.
IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM
socket option and trigger a KCSAN warning.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: f4713a3dfad045d46afcb9c2a7d0bba288920ed4 Version: 433337f9c00cac447d020922f59237273f5d92be |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T18:38:38.646941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:50.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "caa064c3c2394d03e289ebd6b0be5102eb8a5b40",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "5993f121fbc01dc2d734f0ff2628009b258fb1dd",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "88081ba415224cf413101def4343d660f56d082b",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "3266e638ba5cc1165f5e6989eb8c0720f1cc4b41",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "54538752216bf89ee88d47ad07802063a498c299",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "4a5e31bdd3c1702b520506d9cf8c41085f75c7f2",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "307fa8a75ab7423fa5c73573ec3d192de5027830",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"lessThan": "eef00a82c568944f113f2de738156ac591bbd5cd",
"status": "affected",
"version": "f4713a3dfad045d46afcb9c2a7d0bba288920ed4",
"versionType": "git"
},
{
"status": "affected",
"version": "433337f9c00cac447d020922f59237273f5d92be",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/af_inet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: read sk-\u003esk_family once in inet_recv_error()\n\ninet_recv_error() is called without holding the socket lock.\n\nIPv6 socket could mutate to IPv4 with IPV6_ADDRFORM\nsocket option and trigger a KCSAN warning."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:54:25.209Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/caa064c3c2394d03e289ebd6b0be5102eb8a5b40"
},
{
"url": "https://git.kernel.org/stable/c/5993f121fbc01dc2d734f0ff2628009b258fb1dd"
},
{
"url": "https://git.kernel.org/stable/c/88081ba415224cf413101def4343d660f56d082b"
},
{
"url": "https://git.kernel.org/stable/c/3266e638ba5cc1165f5e6989eb8c0720f1cc4b41"
},
{
"url": "https://git.kernel.org/stable/c/54538752216bf89ee88d47ad07802063a498c299"
},
{
"url": "https://git.kernel.org/stable/c/4a5e31bdd3c1702b520506d9cf8c41085f75c7f2"
},
{
"url": "https://git.kernel.org/stable/c/307fa8a75ab7423fa5c73573ec3d192de5027830"
},
{
"url": "https://git.kernel.org/stable/c/eef00a82c568944f113f2de738156ac591bbd5cd"
}
],
"title": "inet: read sk-\u003esk_family once in inet_recv_error()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26679",
"datePublished": "2024-04-02T07:01:43.133Z",
"dateReserved": "2024-02-19T14:20:24.152Z",
"dateUpdated": "2025-05-04T12:54:25.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52617 (GCVE-0-2023-52617)
Vulnerability from cvelistv5
Published
2024-03-18 10:19
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: switchtec: Fix stdev_release() crash after surprise hot remove
A PCI device hot removal may occur while stdev->cdev is held open. The call
to stdev_release() then happens during close or exit, at a point way past
switchtec_pci_remove(). Otherwise the last ref would vanish with the
trailing put_device(), just before return.
At that later point in time, the devm cleanup has already removed the
stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted
one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause
a fatal page fault, and the subsequent dma_free_coherent(), if reached,
would pass a stale &stdev->pdev->dev pointer.
Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after
stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent
future accidents.
Reproducible via the script at
https://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T20:25:20.462363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T20:25:39.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pci/switch/switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d8c293549946ee5078ed0ab77793cec365559355",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4a5d0528cf19dbf060313dffbe047bc11c90c24c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1d83c85922647758c1f1e4806a4c5c3cf591a20a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0233b836312e39a3c763fb53512b3fa455b473b3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e129c7fa7070fbce57feb0bfc5eaa65eef44b693",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "df25461119d987b8c81d232cfe4411e91dcabe66",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pci/switch/switchtec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev-\u003ecdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev-\u003emmio_mrpc mapping. Also, the stdev-\u003epdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale \u0026stdev-\u003epdev-\u003edev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev-\u003epdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:58.447Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355"
},
{
"url": "https://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c"
},
{
"url": "https://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8"
},
{
"url": "https://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a"
},
{
"url": "https://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3"
},
{
"url": "https://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693"
},
{
"url": "https://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66"
}
],
"title": "PCI: switchtec: Fix stdev_release() crash after surprise hot remove",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52617",
"datePublished": "2024-03-18T10:19:04.651Z",
"dateReserved": "2024-03-06T09:52:12.089Z",
"dateUpdated": "2025-05-04T07:39:58.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52601 (GCVE-0-2023-52601)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbAdjTree
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d3898b4d72c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3f8217c323fd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2037cb9d95f1",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8393c80cce45",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "70780914cb57",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2e16a1389b5a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "fc67a2e18f4c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "74ecdda68242",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.0",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.0",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.0",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.0",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.0",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.0",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.0",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:14:12.585306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:45:39.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3d3898b4d72c677d47fe3cb554449f2df5c12555",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2037cb9d95f1741885f7daf50e8a028c4ade5317",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8393c80cce45f40c1256d72e21ad351b3650c57e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "70780914cb57e2ba711e0ac1b677aaaa75103603",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fc67a2e18f4c4e3f07e9f9ae463da24530470e73",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "74ecdda68242b174920fe7c6133a856fb7d8559b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dmap.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in dbAdjTree\n\nCurrently there is a bound check missing in the dbAdjTree while\naccessing the dmt_stree. To add the required check added the bool is_ctl\nwhich is required to determine the size as suggest in the following\ncommit.\nhttps://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:34.043Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555"
},
{
"url": "https://git.kernel.org/stable/c/3f8217c323fd6ecd6829a0c3ae7ac3f14eac368e"
},
{
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317"
},
{
"url": "https://git.kernel.org/stable/c/8393c80cce45f40c1256d72e21ad351b3650c57e"
},
{
"url": "https://git.kernel.org/stable/c/70780914cb57e2ba711e0ac1b677aaaa75103603"
},
{
"url": "https://git.kernel.org/stable/c/2e16a1389b5a7983b45cb2aa20b0e3f0ee364d6c"
},
{
"url": "https://git.kernel.org/stable/c/fc67a2e18f4c4e3f07e9f9ae463da24530470e73"
},
{
"url": "https://git.kernel.org/stable/c/74ecdda68242b174920fe7c6133a856fb7d8559b"
}
],
"title": "jfs: fix array-index-out-of-bounds in dbAdjTree",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52601",
"datePublished": "2024-03-06T06:45:28.715Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:34.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52784 (GCVE-0-2023-52784)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-05-04 07:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: stop the device in bond_setup_by_slave()
Commit 9eed321cde22 ("net: lapbether: only support ethernet devices")
has been able to keep syzbot away from net/lapb, until today.
In the following splat [1], the issue is that a lapbether device has
been created on a bonding device without members. Then adding a non
ARPHRD_ETHER member forced the bonding master to change its type.
The fix is to make sure we call dev_close() in bond_setup_by_slave()
so that the potential linked lapbether devices (or any other devices
having assumptions on the physical device) are removed.
A similar bug has been addressed in commit 40baec225765
("bonding: fix panic on non-ARPHRD_ETHER enslave failure")
[1]
skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0
kernel BUG at net/core/skbuff.c:192 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:188 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
lr : skb_panic net/core/skbuff.c:188 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
sp : ffff800096a06aa0
x29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000
x26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea
x23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140
x20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100
x17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001
x14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00
x8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c
x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086
Call trace:
skb_panic net/core/skbuff.c:188 [inline]
skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
skb_push+0xf0/0x108 net/core/skbuff.c:2446
ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384
dev_hard_header include/linux/netdevice.h:3136 [inline]
lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257
lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149
lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251
__lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326
lapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492
notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
dev_close_many+0x1e0/0x470 net/core/dev.c:1559
dev_close+0x174/0x250 net/core/dev.c:1585
lapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466
notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
dev_close_many+0x1e0/0x470 net/core/dev.c:1559
dev_close+0x174/0x250 net/core/dev.c:1585
bond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332
bond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539
dev_ifsioc+0x754/0x9ac
dev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786
sock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217
sock_ioctl+0x4e8/0x834 net/socket.c:1322
vfs_ioctl fs/ioctl.c:51 [inline]
__do_
---truncated---
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 Version: 872254dd6b1f80cb95ee9e2e22980888533fc293 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52784",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T18:34:45.558216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:37.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b4f0e605a508f6d7cda6df2f03a0c676b778b1fe",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "396baca6683f415b5bc2b380289387bef1406edc",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "53064e8239dd2ecfefc5634e991f1025abc2ee0c",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "19554aa901b5833787df4417a05ccdebf351b7f4",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "87c49806a37f88eddde3f537c162fd0c2834170c",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "d98c91215a5748a0f536e7ccea26027005196859",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
},
{
"lessThan": "3cffa2ddc4d3fcf70cde361236f5a614f81a09b2",
"status": "affected",
"version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.24"
},
{
"lessThan": "2.6.24",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "2.6.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: stop the device in bond_setup_by_slave()\n\nCommit 9eed321cde22 (\"net: lapbether: only support ethernet devices\")\nhas been able to keep syzbot away from net/lapb, until today.\n\nIn the following splat [1], the issue is that a lapbether device has\nbeen created on a bonding device without members. Then adding a non\nARPHRD_ETHER member forced the bonding master to change its type.\n\nThe fix is to make sure we call dev_close() in bond_setup_by_slave()\nso that the potential linked lapbether devices (or any other devices\nhaving assumptions on the physical device) are removed.\n\nA similar bug has been addressed in commit 40baec225765\n(\"bonding: fix panic on non-ARPHRD_ETHER enslave failure\")\n\n[1]\nskbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0\nkernel BUG at net/core/skbuff.c:192 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_panic net/core/skbuff.c:188 [inline]\npc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nlr : skb_panic net/core/skbuff.c:188 [inline]\nlr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nsp : ffff800096a06aa0\nx29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000\nx26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea\nx23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140\nx20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100\nx17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001\nx14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00\nx8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c\nx2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086\nCall trace:\nskb_panic net/core/skbuff.c:188 [inline]\nskb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nskb_push+0xf0/0x108 net/core/skbuff.c:2446\nip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384\ndev_hard_header include/linux/netdevice.h:3136 [inline]\nlapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257\nlapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447\nlapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149\nlapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251\n__lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326\nlapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nlapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nbond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332\nbond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539\ndev_ifsioc+0x754/0x9ac\ndev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786\nsock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217\nsock_ioctl+0x4e8/0x834 net/socket.c:1322\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:43:09.102Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
},
{
"url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
},
{
"url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
},
{
"url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
},
{
"url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
},
{
"url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
},
{
"url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
}
],
"title": "bonding: stop the device in bond_setup_by_slave()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52784",
"datePublished": "2024-05-21T15:31:02.362Z",
"dateReserved": "2024-05-21T15:19:24.240Z",
"dateUpdated": "2025-05-04T07:43:09.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52623 (GCVE-0-2023-52623)
Vulnerability from cvelistv5
Published
2024-03-26 17:19
Modified
2025-05-22 13:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a suspicious RCU usage warning
I received the following warning while running cthon against an ontap
server running pNFS:
[ 57.202521] =============================
[ 57.202522] WARNING: suspicious RCU usage
[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted
[ 57.202525] -----------------------------
[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!
[ 57.202527]
other info that might help us debug this:
[ 57.202528]
rcu_scheduler_active = 2, debug_locks = 1
[ 57.202529] no locks held by test5/3567.
[ 57.202530]
stack backtrace:
[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e
[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022
[ 57.202536] Call Trace:
[ 57.202537] <TASK>
[ 57.202540] dump_stack_lvl+0x77/0xb0
[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0
[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]
[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]
[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202866] write_cache_pages+0x265/0x450
[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202913] do_writepages+0xd2/0x230
[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80
[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80
[ 57.202924] filemap_write_and_wait_range+0xd9/0x170
[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]
[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]
[ 57.202969] __se_sys_close+0x46/0xd0
[ 57.202972] do_syscall_64+0x68/0x100
[ 57.202975] ? do_syscall_64+0x77/0x100
[ 57.202976] ? do_syscall_64+0x77/0x100
[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76
[ 57.202982] RIP: 0033:0x7fe2b12e4a94
[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3
[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94
[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003
[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49
[ 57.202993] R10: 00007f
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 Version: 39e5d2df959dd4aea81fa33d765d2a5cc67a0512 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:58:01.744367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:30:00.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtmultipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fece80a2a6718ed58487ce397285bb1b83a3e54e",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "7a96d85bf196c170dcf1b47a82e9bb97cca69aa6",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "c430e6bb43955c6bf573665fcebf31694925b9f7",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "69c7eeb4f622c2a28da965f970f982db171f3dc6",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "8f860c8407470baff2beb9982ad6b172c94f1d0a",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
},
{
"lessThan": "31b62908693c90d4d07db597e685d9f25a120073",
"status": "affected",
"version": "39e5d2df959dd4aea81fa33d765d2a5cc67a0512",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtmultipath.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a suspicious RCU usage warning\n\nI received the following warning while running cthon against an ontap\nserver running pNFS:\n\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\n\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] \u003cTASK\u003e\n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:49.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fece80a2a6718ed58487ce397285bb1b83a3e54e"
},
{
"url": "https://git.kernel.org/stable/c/7a96d85bf196c170dcf1b47a82e9bb97cca69aa6"
},
{
"url": "https://git.kernel.org/stable/c/c430e6bb43955c6bf573665fcebf31694925b9f7"
},
{
"url": "https://git.kernel.org/stable/c/f8cf4dabbdcb8bef85335b0ed7ad5b25fd82ff56"
},
{
"url": "https://git.kernel.org/stable/c/e8ca3e73301e23e8c0ac0ce2e6bac4545cd776e0"
},
{
"url": "https://git.kernel.org/stable/c/69c7eeb4f622c2a28da965f970f982db171f3dc6"
},
{
"url": "https://git.kernel.org/stable/c/8f860c8407470baff2beb9982ad6b172c94f1d0a"
},
{
"url": "https://git.kernel.org/stable/c/31b62908693c90d4d07db597e685d9f25a120073"
}
],
"title": "SUNRPC: Fix a suspicious RCU usage warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52623",
"datePublished": "2024-03-26T17:19:24.425Z",
"dateReserved": "2024-03-06T09:52:12.090Z",
"dateUpdated": "2025-05-22T13:30:00.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52602 (GCVE-0-2023-52602)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix slab-out-of-bounds Read in dtSearch
Currently while searching for current page in the sorted entry table
of the page there is a out of bound access. Added a bound check to fix
the error.
Dave:
Set return code to -EIO
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ce8bc22e9486",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "1b9d6828589d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "1c40ca3d39d7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "6c6a96c3d74d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "cab0c265ba18",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "7110650b85dd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "bff9d4078a23",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "fa5492ee8946",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.307",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.269",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.77",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.16",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T15:55:18.699623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:55:56.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ce8bc22e948634a5c0a3fa58a179177d0e3f3950",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1b9d6828589d57f94a23fb1c46112cda39d7efdb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1c40ca3d39d769931b28295b3145c25f1decf5a6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6c6a96c3d74df185ee344977d46944d6f33bb4dd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cab0c265ba182fd266c2aa3c69d7e40640a7f612",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7110650b85dd2f1cee819acd1345a9013a1a62f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bff9d4078a232c01e42e9377d005fb2f4d31a472",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fa5492ee89463a7590a1449358002ff7ef63529f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jfs/jfs_dtree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix slab-out-of-bounds Read in dtSearch\n\nCurrently while searching for current page in the sorted entry table\nof the page there is a out of bound access. Added a bound check to fix\nthe error.\n\nDave:\nSet return code to -EIO"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:40.569Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950"
},
{
"url": "https://git.kernel.org/stable/c/1b9d6828589d57f94a23fb1c46112cda39d7efdb"
},
{
"url": "https://git.kernel.org/stable/c/1c40ca3d39d769931b28295b3145c25f1decf5a6"
},
{
"url": "https://git.kernel.org/stable/c/6c6a96c3d74df185ee344977d46944d6f33bb4dd"
},
{
"url": "https://git.kernel.org/stable/c/cab0c265ba182fd266c2aa3c69d7e40640a7f612"
},
{
"url": "https://git.kernel.org/stable/c/7110650b85dd2f1cee819acd1345a9013a1a62f7"
},
{
"url": "https://git.kernel.org/stable/c/bff9d4078a232c01e42e9377d005fb2f4d31a472"
},
{
"url": "https://git.kernel.org/stable/c/fa5492ee89463a7590a1449358002ff7ef63529f"
}
],
"title": "jfs: fix slab-out-of-bounds Read in dtSearch",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52602",
"datePublished": "2024-03-06T06:45:29.227Z",
"dateReserved": "2024-03-02T21:55:42.573Z",
"dateUpdated": "2025-05-04T07:39:40.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52507 (GCVE-0-2023-52507)
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 07:38
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: assert requested protocol is valid
The protocol is used in a bit mask to determine if the protocol is
supported. Assert the provided protocol is less than the maximum
defined so it doesn't potentially perform a shift-out-of-bounds and
provide a clearer error for undefined protocols vs unsupported ones.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 Version: 6a2968aaf50c7a22fced77a5e24aa636281efca8 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:56:50.242082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:41.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2c231a247a1d1628e41fa1eefd1a5307c41c5f53",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a686f84101680b8442181a8846fbd3c934653729",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "95733ea130e35ef9ec5949a5908dde3feaba92cb",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "a424807d860ba816aaafc3064b46b456361c0802",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "25dd54b95abfdca423b65a4ee620a774777d8213",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "853dda54ba59ea70d5580a298b7ede4707826848",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "6584eba7688dcf999542778b07f63828c21521da",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
},
{
"lessThan": "354a6e707e29cb0c007176ee5b8db8be7bd2dee0",
"status": "affected",
"version": "6a2968aaf50c7a22fced77a5e24aa636281efca8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/nci/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.2"
},
{
"lessThan": "3.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn\u0027t potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:38:13.869Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53"
},
{
"url": "https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729"
},
{
"url": "https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb"
},
{
"url": "https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802"
},
{
"url": "https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213"
},
{
"url": "https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848"
},
{
"url": "https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da"
},
{
"url": "https://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0"
}
],
"title": "nfc: nci: assert requested protocol is valid",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52507",
"datePublished": "2024-03-02T21:52:20.724Z",
"dateReserved": "2024-02-20T12:30:33.314Z",
"dateUpdated": "2025-05-04T07:38:13.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6606 (GCVE-0-2023-6606)
Vulnerability from cvelistv5
Published
2023-12-08 16:58
Modified
2025-08-04 05:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 0:4.18.0-513.18.1.rt7.320.el8_9 < * cpe:/a:redhat:enterprise_linux:8::realtime cpe:/a:redhat:enterprise_linux:8::nfv |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-11T21:20:47.767463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T14:22:01.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6606"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
},
{
"name": "RHBZ#2253611",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime",
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.rt7.320.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-513.18.1.el8_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.8::baseos",
"cpe:/a:redhat:rhel_eus:8.8::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-477.51.1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::nfv",
"cpe:/o:redhat:enterprise_linux:9::baseos",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-362.24.1.el9_3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::crb",
"cpe:/a:redhat:rhel_eus:9.2::appstream",
"cpe:/o:redhat:rhel_eus:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::nfv",
"cpe:/a:redhat:rhel_eus:9.2::realtime"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.14.0-284.52.1.rt14.337.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:8.6::baseos",
"cpe:/o:redhat:rhev_hypervisor:4.4::el8",
"cpe:/a:redhat:rhel_eus:8.6::crb"
],
"defaultStatus": "affected",
"packageName": "kernel",
"product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.18.0-372.95.1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-22",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/cluster-logging-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-11",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch6-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v6.8.1-407",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-19",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-proxy-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.0.0-479",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/elasticsearch-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/eventrouter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.4.0-247",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/fluentd-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/log-file-metric-exporter-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v1.1.0-227",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-curator5-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.1-470",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-loki-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v2.9.6-14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/logging-view-plugin-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-operator-bundle",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-24",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/loki-rhel9-operator",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v5.8.6-10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/lokistack-gateway-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-525",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/opa-openshift-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.1.0-224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:logging:5.8::el9"
],
"defaultStatus": "affected",
"packageName": "openshift-logging/vector-rhel9",
"product": "RHOL-5.8-RHEL-9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "v0.28.1-56",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2023-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T05:08:21.688Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:0723",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"name": "RHSA-2024:0725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"name": "RHSA-2024:0881",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"name": "RHSA-2024:0897",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"name": "RHSA-2024:1188",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1188"
},
{
"name": "RHSA-2024:1248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"name": "RHSA-2024:1404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"name": "RHSA-2024:2094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6606"
},
{
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218218"
},
{
"name": "RHBZ#2253611",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253611"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-08T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-12-04T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Kernel: out-of-bounds read vulnerability in smbcalcsize",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, prevent module cifs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."
}
],
"x_redhatCweChain": "CWE-125: Out-of-bounds Read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6606",
"datePublished": "2023-12-08T16:58:08.746Z",
"dateReserved": "2023-12-08T07:45:03.358Z",
"dateUpdated": "2025-08-04T05:08:21.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26600 (GCVE-0-2024-26600)
Vulnerability from cvelistv5
Published
2024-02-24 14:56
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle
Ethernet gadget triggering a wakeup for example:
configfs-gadget.g1 gadget.0: ECM Suspend
configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup
...
Unable to handle kernel NULL pointer dereference at virtual address
00000000 when execute
...
PC is at 0x0
LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]
...
musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]
usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]
eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4
sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268
arp_solicit from neigh_probe+0x54/0x7c
neigh_probe from __neigh_event_send+0x22c/0x47c
__neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628
ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340
udp_send_skb from udp_sendmsg+0x780/0x984
udp_sendmsg from __sys_sendto+0xd8/0x158
__sys_sendto from ret_fast_syscall+0x0/0x58
Let's fix the issue by checking for send_srp() and set_vbus() before
calling them. For USB peripheral only cases these both could be NULL.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 Version: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:03:23.255963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:03:34.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "486218c11e8d1c8f515a3bdd70d62203609d4b6b",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8cc889b9dea0579726be9520fcc766077890b462",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "0430bfcd46657d9116a26cd377f112cbc40826a4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "7104ba0f1958adb250319e68a15eff89ec4fd36d",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:58.052Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
}
],
"title": "phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26600",
"datePublished": "2024-02-24T14:56:55.674Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2025-05-04T08:51:58.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26840 (GCVE-0-2024-26840)
Vulnerability from cvelistv5
Published
2024-04-17 10:10
Modified
2025-05-04 08:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: fix memory leak in cachefiles_add_cache()
The following memory leak was reported after unbinding /dev/cachefiles:
==================================================================
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
[<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
[<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
[<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
[<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
[<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
[<ffffffff8ebc5069>] ksys_write+0x69/0xf0
[<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
[<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
==================================================================
Put the reference count of cache_cred in cachefiles_daemon_unbind() to
fix the problem. And also put cache_cred in cachefiles_add_cache() error
branch to avoid memory leaks.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d Version: 9ae326a69004dea8af2dae4fde58de27db700a8d |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:58:24.475717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:17.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb5466783793e66272624cf71925ae1d1ba32083",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "037d5a949b0455540ef9aab34c10ddf54b65d285",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "43eccc5823732ba6daab2511ed32dfc545a666d8",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "94965be37add0983672e48ecb33cdbda92b62579",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "8b218e2f0a27a9f09428b1847b4580640b9d1e58",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "38e921616320d159336b0ffadb09e9fb4945c7c3",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "9cac69912052a4def571fedf1cb9bb4ec590e25a",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
},
{
"lessThan": "e21a2f17566cbd64926fb8f16323972f7a064444",
"status": "affected",
"version": "9ae326a69004dea8af2dae4fde58de27db700a8d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cachefiles/cache.c",
"fs/cachefiles/daemon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: fix memory leak in cachefiles_add_cache()\n\nThe following memory leak was reported after unbinding /dev/cachefiles:\n\n==================================================================\nunreferenced object 0xffff9b674176e3c0 (size 192):\n comm \"cachefilesd2\", pid 680, jiffies 4294881224\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc ea38a44b):\n [\u003cffffffff8eb8a1a5\u003e] kmem_cache_alloc+0x2d5/0x370\n [\u003cffffffff8e917f86\u003e] prepare_creds+0x26/0x2e0\n [\u003cffffffffc002eeef\u003e] cachefiles_determine_cache_security+0x1f/0x120\n [\u003cffffffffc00243ec\u003e] cachefiles_add_cache+0x13c/0x3a0\n [\u003cffffffffc0025216\u003e] cachefiles_daemon_write+0x146/0x1c0\n [\u003cffffffff8ebc4a3b\u003e] vfs_write+0xcb/0x520\n [\u003cffffffff8ebc5069\u003e] ksys_write+0x69/0xf0\n [\u003cffffffff8f6d4662\u003e] do_syscall_64+0x72/0x140\n [\u003cffffffff8f8000aa\u003e] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n==================================================================\n\nPut the reference count of cache_cred in cachefiles_daemon_unbind() to\nfix the problem. And also put cache_cred in cachefiles_add_cache() error\nbranch to avoid memory leaks."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:42.799Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083"
},
{
"url": "https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285"
},
{
"url": "https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8"
},
{
"url": "https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579"
},
{
"url": "https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58"
},
{
"url": "https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3"
},
{
"url": "https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec590e25a"
},
{
"url": "https://git.kernel.org/stable/c/e21a2f17566cbd64926fb8f16323972f7a064444"
}
],
"title": "cachefiles: fix memory leak in cachefiles_add_cache()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26840",
"datePublished": "2024-04-17T10:10:06.180Z",
"dateReserved": "2024-02-19T14:20:24.182Z",
"dateUpdated": "2025-05-04T08:57:42.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52583 (GCVE-0-2023-52583)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: fix deadlock or deadcode of misusing dget()
The lock order is incorrect between denty and its parent, we should
always make sure that the parent get the lock first.
But since this deadcode is never used and the parent dir will always
be set from the callers, let's just remove it.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f Version: 9030aaf9bf0a1eee47a154c316c789e959638b0f |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:25:29.028372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:14.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "6ab4fd508fad942f1f1ba940492f2735e078e980",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "e016e358461b89b231626fcf78c5c38e35c44fd3",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "a9c15d6e8aee074fae66c04d114f20b84274fcca",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "7f2649c94264d00df6b6ac27161e9f4372a3450e",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "196b87e5c00ce021e164a5de0f0d04f4116a9160",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "76cb2aa3421fee4fde706dec41b1344bc0a9ad67",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "b493ad718b1f0357394d2cdecbf00a44a36fa085",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix deadlock or deadcode of misusing dget()\n\nThe lock order is incorrect between denty and its parent, we should\nalways make sure that the parent get the lock first.\n\nBut since this deadcode is never used and the parent dir will always\nbe set from the callers, let\u0027s just remove it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:12.524Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6"
},
{
"url": "https://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980"
},
{
"url": "https://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3"
},
{
"url": "https://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca"
},
{
"url": "https://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e"
},
{
"url": "https://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160"
},
{
"url": "https://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67"
},
{
"url": "https://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085"
}
],
"title": "ceph: fix deadlock or deadcode of misusing dget()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52583",
"datePublished": "2024-03-06T06:45:19.319Z",
"dateReserved": "2024-03-02T21:55:42.569Z",
"dateUpdated": "2025-05-04T07:39:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52478 (GCVE-0-2023-52478)
Vulnerability from cvelistv5
Published
2024-02-29 05:43
Modified
2025-05-04 07:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)
races when it races with itself.
hidpp_connect_event() primarily runs from a workqueue but it also runs
on probe() and if a "device-connected" packet is received by the hw
when the thread running hidpp_connect_event() from probe() is waiting on
the hw, then a second thread running hidpp_connect_event() will be
started from the workqueue.
This opens the following races (note the below code is simplified):
1. Retrieving + printing the protocol (harmless race):
if (!hidpp->protocol_major) {
hidpp_root_get_protocol_version()
hidpp->protocol_major = response.rap.params[0];
}
We can actually see this race hit in the dmesg in the abrt output
attached to rhbz#2227968:
[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.
Testing with extra logging added has shown that after this the 2 threads
take turn grabbing the hw access mutex (send_mutex) so they ping-pong
through all the other TOCTOU cases managing to hit all of them:
2. Updating the name to the HIDPP name (harmless race):
if (hidpp->name == hdev->name) {
...
hidpp->name = new_name;
}
3. Initializing the power_supply class for the battery (problematic!):
hidpp_initialize_battery()
{
if (hidpp->battery.ps)
return 0;
probe_battery(); /* Blocks, threads take turns executing this */
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
}
4. Creating delayed input_device (potentially problematic):
if (hidpp->delayed_input)
return;
hidpp->delayed_input = hidpp_allocate_input(hdev);
The really big problem here is 3. Hitting the race leads to the following
sequence:
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
...
hidpp->battery.desc.properties =
devm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);
hidpp->battery.ps =
devm_power_supply_register(&hidpp->hid_dev->dev,
&hidpp->battery.desc, cfg);
So now we have registered 2 power supplies for the same battery,
which looks a bit weird from userspace's pov but this is not even
the really big problem.
Notice how:
1. This is all devm-maganaged
2. The hidpp->battery.desc struct is shared between the 2 power supplies
3. hidpp->battery.desc.properties points to the result from the second
devm_kmemdup()
This causes a use after free scenario on USB disconnect of the receiver:
1. The last registered power supply class device gets unregistered
2. The memory from the last devm_kmemdup() call gets freed,
hidpp->battery.desc.properties now points to freed memory
3. The first registered power supply class device gets unregistered,
this involves sending a remove uevent to userspace which invokes
power_supply_uevent() to fill the uevent data
4. power_supply_uevent() uses hidpp->battery.desc.properties which
now points to freed memory leading to backtraces like this one:
Sep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08
...
Sep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event
Sep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0
...
Sep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30
Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0
Sep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0
Sep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0
Sep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680
Sep 22 20:01:35 eric kernel:
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca0c4cc1d215dc22ab0e738c9f017c650f3183f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44481b244fcaa2b895a53081d6204c574720c38c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd0e2bf7fb22fe9b989c59c42dca06367fd10e6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/093af62c023537f097d2ebdfaa0bc7c1a6e874e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28ddc1e0b898291323b62d770b1b931de131a528"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd72ac9556a473fc7daf54efb6ca8a97180d621d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7b2c7d9831af99369fe8ad9b2a68d78942f414e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dac501397b9d81e4782232c39f94f4307b137452"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:25:15.460942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:25:22.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-logitech-hidpp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ca0c4cc1d215dc22ab0e738c9f017c650f3183f5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "44481b244fcaa2b895a53081d6204c574720c38c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cd0e2bf7fb22fe9b989c59c42dca06367fd10e6b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "093af62c023537f097d2ebdfaa0bc7c1a6e874e1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28ddc1e0b898291323b62d770b1b931de131a528",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fd72ac9556a473fc7daf54efb6ca8a97180d621d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f7b2c7d9831af99369fe8ad9b2a68d78942f414e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dac501397b9d81e4782232c39f94f4307b137452",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-logitech-hidpp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.328",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.259",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.59",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Fix kernel crash on receiver USB disconnect\n\nhidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)\nraces when it races with itself.\n\nhidpp_connect_event() primarily runs from a workqueue but it also runs\non probe() and if a \"device-connected\" packet is received by the hw\nwhen the thread running hidpp_connect_event() from probe() is waiting on\nthe hw, then a second thread running hidpp_connect_event() will be\nstarted from the workqueue.\n\nThis opens the following races (note the below code is simplified):\n\n1. Retrieving + printing the protocol (harmless race):\n\n\tif (!hidpp-\u003eprotocol_major) {\n\t\thidpp_root_get_protocol_version()\n\t\thidpp-\u003eprotocol_major = response.rap.params[0];\n\t}\n\nWe can actually see this race hit in the dmesg in the abrt output\nattached to rhbz#2227968:\n\n[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n\nTesting with extra logging added has shown that after this the 2 threads\ntake turn grabbing the hw access mutex (send_mutex) so they ping-pong\nthrough all the other TOCTOU cases managing to hit all of them:\n\n2. Updating the name to the HIDPP name (harmless race):\n\n\tif (hidpp-\u003ename == hdev-\u003ename) {\n\t\t...\n\t\thidpp-\u003ename = new_name;\n\t}\n\n3. Initializing the power_supply class for the battery (problematic!):\n\nhidpp_initialize_battery()\n{\n if (hidpp-\u003ebattery.ps)\n return 0;\n\n\tprobe_battery(); /* Blocks, threads take turns executing this */\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n}\n\n4. Creating delayed input_device (potentially problematic):\n\n\tif (hidpp-\u003edelayed_input)\n\t\treturn;\n\n\thidpp-\u003edelayed_input = hidpp_allocate_input(hdev);\n\nThe really big problem here is 3. Hitting the race leads to the following\nsequence:\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n\n\t...\n\n\thidpp-\u003ebattery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp-\u003ebattery.ps =\n\t\tdevm_power_supply_register(\u0026hidpp-\u003ehid_dev-\u003edev,\n\t\t\t\t\t \u0026hidpp-\u003ebattery.desc, cfg);\n\nSo now we have registered 2 power supplies for the same battery,\nwhich looks a bit weird from userspace\u0027s pov but this is not even\nthe really big problem.\n\nNotice how:\n\n1. This is all devm-maganaged\n2. The hidpp-\u003ebattery.desc struct is shared between the 2 power supplies\n3. hidpp-\u003ebattery.desc.properties points to the result from the second\n devm_kmemdup()\n\nThis causes a use after free scenario on USB disconnect of the receiver:\n1. The last registered power supply class device gets unregistered\n2. The memory from the last devm_kmemdup() call gets freed,\n hidpp-\u003ebattery.desc.properties now points to freed memory\n3. The first registered power supply class device gets unregistered,\n this involves sending a remove uevent to userspace which invokes\n power_supply_uevent() to fill the uevent data\n4. power_supply_uevent() uses hidpp-\u003ebattery.desc.properties which\n now points to freed memory leading to backtraces like this one:\n\nSep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08\n...\nSep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event\nSep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0\n...\nSep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0\nSep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0\nSep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680\nSep 22 20:01:35 eric kernel: \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:33.135Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ca0c4cc1d215dc22ab0e738c9f017c650f3183f5"
},
{
"url": "https://git.kernel.org/stable/c/44481b244fcaa2b895a53081d6204c574720c38c"
},
{
"url": "https://git.kernel.org/stable/c/cd0e2bf7fb22fe9b989c59c42dca06367fd10e6b"
},
{
"url": "https://git.kernel.org/stable/c/093af62c023537f097d2ebdfaa0bc7c1a6e874e1"
},
{
"url": "https://git.kernel.org/stable/c/28ddc1e0b898291323b62d770b1b931de131a528"
},
{
"url": "https://git.kernel.org/stable/c/fd72ac9556a473fc7daf54efb6ca8a97180d621d"
},
{
"url": "https://git.kernel.org/stable/c/f7b2c7d9831af99369fe8ad9b2a68d78942f414e"
},
{
"url": "https://git.kernel.org/stable/c/dac501397b9d81e4782232c39f94f4307b137452"
}
],
"title": "HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52478",
"datePublished": "2024-02-29T05:43:10.698Z",
"dateReserved": "2024-02-20T12:30:33.298Z",
"dateUpdated": "2025-05-04T07:37:33.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0584 (GCVE-0-2024-0584)
Vulnerability from cvelistv5
Do not use this CVE as it is duplicate of CVE-2023-6932
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-02-14T05:55:44.036Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "Do not use this CVE as it is duplicate of CVE-2023-6932"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-0584",
"datePublished": "2024-01-16T14:02:02.411Z",
"dateRejected": "2024-02-14T05:55:44.036Z",
"dateReserved": "2024-01-16T11:48:58.344Z",
"dateUpdated": "2024-02-14T05:55:44.036Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2024-26736 (GCVE-0-2024-26736)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
afs: Increase buffer size in afs_update_volume_status()
The max length of volume->vid value is 20 characters.
So increase idbuf[] size up to 24 to avoid overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 Version: d2ddc776a4581d900fc3bdc7803b403daae64d88 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:35:04.677455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:32.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/afs/volume.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "d9b5e2b7a8196850383c70d099bfd39e81ab6637",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "e56662160fc24d28cb75ac095cc6415ae1bda43e",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "e8530b170e464017203e3b8c6c49af6e916aece1",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "6e6065dd25b661420fac19c34282b6c626fcd35e",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "d34a5e57632bb5ff825196ddd9a48ca403626dfa",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
},
{
"lessThan": "6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d",
"status": "affected",
"version": "d2ddc776a4581d900fc3bdc7803b403daae64d88",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/afs/volume.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:15.534Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5"
},
{
"url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637"
},
{
"url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e"
},
{
"url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1"
},
{
"url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e"
},
{
"url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa"
},
{
"url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d"
}
],
"title": "afs: Increase buffer size in afs_update_volume_status()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26736",
"datePublished": "2024-04-03T17:00:22.693Z",
"dateReserved": "2024-02-19T14:20:24.166Z",
"dateUpdated": "2025-05-04T08:55:15.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39476 (GCVE-0-2024-39476)
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2025-05-04 12:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with
small possibility, the root cause is exactly the same as commit
bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"")
However, Dan reported another hang after that, and junxiao investigated
the problem and found out that this is caused by plugged bio can't issue
from raid5d().
Current implementation in raid5d() has a weird dependence:
1) md_check_recovery() from raid5d() must hold 'reconfig_mutex' to clear
MD_SB_CHANGE_PENDING;
2) raid5d() handles IO in a deadloop, until all IO are issued;
3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;
This behaviour is introduce before v2.6, and for consequence, if other
context hold 'reconfig_mutex', and md_check_recovery() can't update
super_block, then raid5d() will waste one cpu 100% by the deadloop, until
'reconfig_mutex' is released.
Refer to the implementation from raid1 and raid10, fix this problem by
skipping issue IO if MD_SB_CHANGE_PENDING is still set after
md_check_recovery(), daemon thread will be woken up when 'reconfig_mutex'
is released. Meanwhile, the hang problem will be fixed as well.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: f3d55bd5b7b928ad82f8075d89c908702f3593ab Version: 1c00bb624cd084e2006520ad0edacaff0fb941c4 Version: 782b3e71c957991ac8ae53318bc369049d49bb53 Version: 9e86dffd0b02594d2e7c60c6db9e889c0395414b Version: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 Version: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 Version: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 Version: 5e2cf333b7bd5d3e62595a44d598a254c697cd74 Version: 7d808fe6af8409cf9f46ed2b10840e5788985e9b Version: 2cab058f2b147e0b7c01546ba00445e5701861f5 Version: 91962e40ec3d26e291db230cd45b302da2aff200 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T15:14:06.487642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:14:14.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b32aa95843cac6b12c2c014d40fca18aef24a347",
"status": "affected",
"version": "f3d55bd5b7b928ad82f8075d89c908702f3593ab",
"versionType": "git"
},
{
"lessThan": "634ba3c97ec413cb10681c7b196db43ee461ecf4",
"status": "affected",
"version": "1c00bb624cd084e2006520ad0edacaff0fb941c4",
"versionType": "git"
},
{
"lessThan": "aa64464c8f4d2ab92f6d0b959a1e0767b829d787",
"status": "affected",
"version": "782b3e71c957991ac8ae53318bc369049d49bb53",
"versionType": "git"
},
{
"lessThan": "098d54934814dd876963abfe751c3b1cf7fbe56a",
"status": "affected",
"version": "9e86dffd0b02594d2e7c60c6db9e889c0395414b",
"versionType": "git"
},
{
"lessThan": "3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "cd2538e5af495b3c747e503db346470fc1ffc447",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "e332a12f65d8fed8cf63bedb4e9317bb872b9ac7",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"lessThan": "151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa",
"status": "affected",
"version": "5e2cf333b7bd5d3e62595a44d598a254c697cd74",
"versionType": "git"
},
{
"status": "affected",
"version": "7d808fe6af8409cf9f46ed2b10840e5788985e9b",
"versionType": "git"
},
{
"status": "affected",
"version": "2cab058f2b147e0b7c01546ba00445e5701861f5",
"versionType": "git"
},
{
"status": "affected",
"version": "91962e40ec3d26e291db230cd45b302da2aff200",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "4.19.262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "5.4.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "5.10.150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.15.75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.94",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.34",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.5",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.19.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can\u0027t issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold \u0027reconfig_mutex\u0027 to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold \u0027reconfig_mutex\u0027, and md_check_recovery() can\u0027t update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n\u0027reconfig_mutex\u0027 is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when \u0027reconfig_mutex\u0027\nis released. Meanwhile, the hang problem will be fixed as well."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:03.441Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39476",
"datePublished": "2024-07-05T06:55:06.559Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2025-05-04T12:57:03.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26790 (GCVE-0-2024-26790)
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2025-05-04 08:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
There is chip (ls1028a) errata:
The SoC may hang on 16 byte unaligned read transactions by QDMA.
Unaligned read transactions initiated by QDMA may stall in the NOC
(Network On-Chip), causing a deadlock condition. Stalled transactions will
trigger completion timeouts in PCIe controller.
Workaround:
Enable prefetch by setting the source descriptor prefetchable bit
( SD[PF] = 1 ).
Implement this workaround.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 Version: b092529e0aa09829a6404424ce167bf3ce3235e2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T16:24:55.798835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:16.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "518d78b4fac68cac29a263554d7f3b19da99d0da",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "bb3a06e9b9a30e33d96aadc0e077be095a4f8580",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "106c1ac953a66556ec77456c46e818208d3a9bce",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "5b696e9c388251f1c7373be92293769a489fd367",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "ad2f8920c314e0a2d9e984fc94b729eca3cda471",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
},
{
"lessThan": "9d739bccf261dd93ec1babf82f5c5d71dd4caa3e",
"status": "affected",
"version": "b092529e0aa09829a6404424ce167bf3ce3235e2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/fsl-qdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read\n\nThere is chip (ls1028a) errata:\n\nThe SoC may hang on 16 byte unaligned read transactions by QDMA.\n\nUnaligned read transactions initiated by QDMA may stall in the NOC\n(Network On-Chip), causing a deadlock condition. Stalled transactions will\ntrigger completion timeouts in PCIe controller.\n\nWorkaround:\nEnable prefetch by setting the source descriptor prefetchable bit\n( SD[PF] = 1 ).\n\nImplement this workaround."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:56:35.788Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da"
},
{
"url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580"
},
{
"url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce"
},
{
"url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa"
},
{
"url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367"
},
{
"url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471"
},
{
"url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e"
}
],
"title": "dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26790",
"datePublished": "2024-04-04T08:20:21.742Z",
"dateReserved": "2024-02-19T14:20:24.178Z",
"dateUpdated": "2025-05-04T08:56:35.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27416 (GCVE-0-2024-27416)
Vulnerability from cvelistv5
Published
2024-05-17 11:51
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
If we received HCI_EV_IO_CAPA_REQUEST while
HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote
does support SSP since otherwise this event shouldn't be generated.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: ccb8618c972f941ebc6b2b9db491025b3369efcb Version: 1769ac55dbf3114d5bf79f11bd5dca80ee263f9c Version: 40a33a129d99639921ce00d274cca44ba282f1ac Version: 1ef071526848cc3109ade63268854cd7c20ece0c Version: 25e5d2883002e235f3378b8592aad14aeeef898c Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: c7f59461f5a78994613afc112cdd73688aef9076 Version: 2c7f9fda663a1b31a61744ffc456bdb89c4efc7f Version: 746dbb0fc6392eca23de27f8aa9d13979b564889 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:20:36.979047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:20:51.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "afec8f772296dd8e5a2a6f83bbf99db1b9ca877f",
"status": "affected",
"version": "ccb8618c972f941ebc6b2b9db491025b3369efcb",
"versionType": "git"
},
{
"lessThan": "79820a7e1e057120c49be07cbe10643d0706b259",
"status": "affected",
"version": "1769ac55dbf3114d5bf79f11bd5dca80ee263f9c",
"versionType": "git"
},
{
"lessThan": "df193568d61234c81de7ed4d540c01975de60277",
"status": "affected",
"version": "40a33a129d99639921ce00d274cca44ba282f1ac",
"versionType": "git"
},
{
"lessThan": "c3df637266df29edee85e94cab5fd7041e5753ba",
"status": "affected",
"version": "1ef071526848cc3109ade63268854cd7c20ece0c",
"versionType": "git"
},
{
"lessThan": "30a5e812f78e3d1cced90e1ed750bf027599205f",
"status": "affected",
"version": "25e5d2883002e235f3378b8592aad14aeeef898c",
"versionType": "git"
},
{
"lessThan": "fba268ac36ab19f9763ff90d276cde0ce6cd5f31",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"lessThan": "8e2758cc25891d2b76717aaf89b40ed215de188c",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"lessThan": "7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865",
"status": "affected",
"version": "c7f59461f5a78994613afc112cdd73688aef9076",
"versionType": "git"
},
{
"status": "affected",
"version": "2c7f9fda663a1b31a61744ffc456bdb89c4efc7f",
"versionType": "git"
},
{
"status": "affected",
"version": "746dbb0fc6392eca23de27f8aa9d13979b564889",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/hci_event.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.19.297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST\n\nIf we received HCI_EV_IO_CAPA_REQUEST while\nHCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote\ndoes support SSP since otherwise this event shouldn\u0027t be generated."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:43.652Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/afec8f772296dd8e5a2a6f83bbf99db1b9ca877f"
},
{
"url": "https://git.kernel.org/stable/c/79820a7e1e057120c49be07cbe10643d0706b259"
},
{
"url": "https://git.kernel.org/stable/c/df193568d61234c81de7ed4d540c01975de60277"
},
{
"url": "https://git.kernel.org/stable/c/c3df637266df29edee85e94cab5fd7041e5753ba"
},
{
"url": "https://git.kernel.org/stable/c/30a5e812f78e3d1cced90e1ed750bf027599205f"
},
{
"url": "https://git.kernel.org/stable/c/fba268ac36ab19f9763ff90d276cde0ce6cd5f31"
},
{
"url": "https://git.kernel.org/stable/c/8e2758cc25891d2b76717aaf89b40ed215de188c"
},
{
"url": "https://git.kernel.org/stable/c/7e74aa53a68bf60f6019bd5d9a9a1406ec4d4865"
}
],
"title": "Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27416",
"datePublished": "2024-05-17T11:51:04.270Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:43.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26593 (GCVE-0-2024-26593)
Vulnerability from cvelistv5
Published
2024-02-23 09:09
Modified
2025-05-04 08:51
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
i2c: i801: Fix block process call transactions
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 Version: 315cd67c945351f8a569500f8ab16b7fa94026e8 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T18:10:30.612535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:57.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d074d5ff5ae77b18300e5079c6bda6342a4d44b7",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "7a14b8a477b88607d157c24aeb23e7389ec3319f",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "1f8d0691c50581ba6043f009ec9e8b9f78f09d5a",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "491528935c9c48bf341d8b40eabc6c4fc5df6f2c",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "6be99c51829b24c914cef5bff6164877178e84d9",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "609c7c1cc976e740d0fed4dbeec688b3ecb5dce2",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
},
{
"lessThan": "c1c9d0f6f7f1dbf29db996bd8e166242843a5f21",
"status": "affected",
"version": "315cd67c945351f8a569500f8ab16b7fa94026e8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-i801.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:51:47.994Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7"
},
{
"url": "https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f"
},
{
"url": "https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a"
},
{
"url": "https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c"
},
{
"url": "https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9"
},
{
"url": "https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2"
},
{
"url": "https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21"
}
],
"title": "i2c: i801: Fix block process call transactions",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26593",
"datePublished": "2024-02-23T09:09:10.021Z",
"dateReserved": "2024-02-19T14:20:24.127Z",
"dateUpdated": "2025-05-04T08:51:47.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26625 (GCVE-0-2024-26625)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 08:52
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
llc: call sock_orphan() at release time
syzbot reported an interesting trace [1] caused by a stale sk->sk_wq
pointer in a closed llc socket.
In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after
calling proto_ops::release()") Eric Biggers hinted that some protocols
are missing a sock_orphan(), we need to perform a full audit.
In net-next, I plan to clear sock->sk from sock_orphan() and
amend Eric patch to add a warning.
[1]
BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]
BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]
BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
Read of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27
CPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:377 [inline]
print_report+0xc4/0x620 mm/kasan/report.c:488
kasan_report+0xda/0x110 mm/kasan/report.c:601
list_empty include/linux/list.h:373 [inline]
waitqueue_active include/linux/wait.h:127 [inline]
sock_def_write_space_wfree net/core/sock.c:3384 [inline]
sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468
skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080
skb_release_all net/core/skbuff.c:1092 [inline]
napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404
e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970
e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]
e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801
__napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576
napi_poll net/core/dev.c:6645 [inline]
net_rx_action+0x956/0xe90 net/core/dev.c:6778
__do_softirq+0x21a/0x8de kernel/softirq.c:553
run_ksoftirqd kernel/softirq.c:921 [inline]
run_ksoftirqd+0x31/0x60 kernel/softirq.c:913
smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164
kthread+0x2c6/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Allocated by task 5167:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:314 [inline]
__kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340
kasan_slab_alloc include/linux/kasan.h:201 [inline]
slab_post_alloc_hook mm/slub.c:3813 [inline]
slab_alloc_node mm/slub.c:3860 [inline]
kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879
alloc_inode_sb include/linux/fs.h:3019 [inline]
sock_alloc_inode+0x25/0x1c0 net/socket.c:308
alloc_inode+0x5d/0x220 fs/inode.c:260
new_inode_pseudo+0x16/0x80 fs/inode.c:1005
sock_alloc+0x40/0x270 net/socket.c:634
__sock_create+0xbc/0x800 net/socket.c:1535
sock_create net/socket.c:1622 [inline]
__sys_socket_create net/socket.c:1659 [inline]
__sys_socket+0x14c/0x260 net/socket.c:1706
__do_sys_socket net/socket.c:1720 [inline]
__se_sys_socket net/socket.c:1718 [inline]
__x64_sys_socket+0x72/0xb0 net/socket.c:1718
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Freed by task 0:
kasan_save_stack+0x33/0x50 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640
poison_slab_object mm/kasan/common.c:241 [inline]
__kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257
kasan_slab_free include/linux/kasan.h:184 [inline]
slab_free_hook mm/slub.c:2121 [inlin
---truncated---
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 Version: 43815482370c510c569fd18edb57afcb0fa8cab6 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T16:41:05.994976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:16.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6b950c712a9a05cdda4aea7fcb2848766576c11b",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "64babb17e8150771c58575d8f93a35c5296b499f",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "d0b5b1f12429df3cd9751ab8b2f53729b77733b7",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "dbc1b89981f9c5360277071d33d7f04a43ffda4a",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "9c333d9891f34cea8af1b229dc754552304c8eee",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "3151051b787f7cd7e3329ea0016eb9113c248812",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "8e51f084b5716653f19e291ed5f026791d4b3ed4",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
},
{
"lessThan": "aa2b2eb3934859904c287bf5434647ba72e14c1c",
"status": "affected",
"version": "43815482370c510c569fd18edb57afcb0fa8cab6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/llc/af_llc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nllc: call sock_orphan() at release time\n\nsyzbot reported an interesting trace [1] caused by a stale sk-\u003esk_wq\npointer in a closed llc socket.\n\nIn commit ff7b11aa481f (\"net: socket: set sock-\u003esk to NULL after\ncalling proto_ops::release()\") Eric Biggers hinted that some protocols\nare missing a sock_orphan(), we need to perform a full audit.\n\nIn net-next, I plan to clear sock-\u003esk from sock_orphan() and\namend Eric patch to add a warning.\n\n[1]\n BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline]\n BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline]\n BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\nRead of size 8 at addr ffff88802f4fc880 by task ksoftirqd/1/27\n\nCPU: 1 PID: 27 Comm: ksoftirqd/1 Not tainted 6.8.0-rc1-syzkaller-00049-g6098d87eaf31 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0xc4/0x620 mm/kasan/report.c:488\n kasan_report+0xda/0x110 mm/kasan/report.c:601\n list_empty include/linux/list.h:373 [inline]\n waitqueue_active include/linux/wait.h:127 [inline]\n sock_def_write_space_wfree net/core/sock.c:3384 [inline]\n sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468\n skb_release_head_state+0xa3/0x2b0 net/core/skbuff.c:1080\n skb_release_all net/core/skbuff.c:1092 [inline]\n napi_consume_skb+0x119/0x2b0 net/core/skbuff.c:1404\n e1000_unmap_and_free_tx_resource+0x144/0x200 drivers/net/ethernet/intel/e1000/e1000_main.c:1970\n e1000_clean_tx_irq drivers/net/ethernet/intel/e1000/e1000_main.c:3860 [inline]\n e1000_clean+0x4a1/0x26e0 drivers/net/ethernet/intel/e1000/e1000_main.c:3801\n __napi_poll.constprop.0+0xb4/0x540 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x956/0xe90 net/core/dev.c:6778\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n run_ksoftirqd kernel/softirq.c:921 [inline]\n run_ksoftirqd+0x31/0x60 kernel/softirq.c:913\n smpboot_thread_fn+0x660/0xa10 kernel/smpboot.c:164\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e\n\nAllocated by task 5167:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x81/0x90 mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_lru+0x142/0x6f0 mm/slub.c:3879\n alloc_inode_sb include/linux/fs.h:3019 [inline]\n sock_alloc_inode+0x25/0x1c0 net/socket.c:308\n alloc_inode+0x5d/0x220 fs/inode.c:260\n new_inode_pseudo+0x16/0x80 fs/inode.c:1005\n sock_alloc+0x40/0x270 net/socket.c:634\n __sock_create+0xbc/0x800 net/socket.c:1535\n sock_create net/socket.c:1622 [inline]\n __sys_socket_create net/socket.c:1659 [inline]\n __sys_socket+0x14c/0x260 net/socket.c:1706\n __do_sys_socket net/socket.c:1720 [inline]\n __se_sys_socket net/socket.c:1718 [inline]\n __x64_sys_socket+0x72/0xb0 net/socket.c:1718\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd3/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFreed by task 0:\n kasan_save_stack+0x33/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640\n poison_slab_object mm/kasan/common.c:241 [inline]\n __kasan_slab_free+0x121/0x1b0 mm/kasan/common.c:257\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2121 [inlin\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:52:34.411Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b"
},
{
"url": "https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f"
},
{
"url": "https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7"
},
{
"url": "https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a"
},
{
"url": "https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee"
},
{
"url": "https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812"
},
{
"url": "https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4"
},
{
"url": "https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c"
}
],
"title": "llc: call sock_orphan() at release time",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26625",
"datePublished": "2024-03-06T06:45:33.311Z",
"dateReserved": "2024-02-19T14:20:24.135Z",
"dateUpdated": "2025-05-04T08:52:34.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52598 (GCVE-0-2023-52598)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-04 07:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
s390/ptrace: handle setting of fpc register correctly
If the content of the floating point control (fpc) register of a traced
process is modified with the ptrace interface the new value is tested for
validity by temporarily loading it into the fpc register.
This may lead to corruption of the fpc register of the tracing process:
if an interrupt happens while the value is temporarily loaded into the
fpc register, and within interrupt context floating point or vector
registers are used, the current fp/vx registers are saved with
save_fpu_regs() assuming they belong to user space and will be loaded into
fp/vx registers when returning to user space.
test_fp_ctl() restores the original user space fpc register value, however
it will be discarded, when returning to user space.
In result the tracer will incorrectly continue to run with the value that
was supposed to be used for the traced process.
Fix this by saving fpu register contents with save_fpu_regs() before using
test_fp_ctl().
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T15:45:25.541876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:23:58.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6ccf904aac0292e1f6b1a1be6c407c414f7cf713",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6d0822f2cc9b153bf2df49a84599195a2e0d21a8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "856caf2730ea18cb39e95833719c02a02447dc0a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "28a1f492cb527f64593457a0a0f0d809b3f36c25",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7a4d6481fbdd661f9e40e95febb95e3dee82bad3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "02c6bbfb08bad78dd014e24c7b893723c15ec7a1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "bdce67df7f12fb0409fbc604ce7c4254703f56d4",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8b13601d19c541158a6e18b278c00ba69ae37829",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ptrace: handle setting of fpc register correctly\n\nIf the content of the floating point control (fpc) register of a traced\nprocess is modified with the ptrace interface the new value is tested for\nvalidity by temporarily loading it into the fpc register.\n\nThis may lead to corruption of the fpc register of the tracing process:\nif an interrupt happens while the value is temporarily loaded into the\nfpc register, and within interrupt context floating point or vector\nregisters are used, the current fp/vx registers are saved with\nsave_fpu_regs() assuming they belong to user space and will be loaded into\nfp/vx registers when returning to user space.\n\ntest_fp_ctl() restores the original user space fpc register value, however\nit will be discarded, when returning to user space.\n\nIn result the tracer will incorrectly continue to run with the value that\nwas supposed to be used for the traced process.\n\nFix this by saving fpu register contents with save_fpu_regs() before using\ntest_fp_ctl()."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:39:30.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713"
},
{
"url": "https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8"
},
{
"url": "https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a"
},
{
"url": "https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25"
},
{
"url": "https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3"
},
{
"url": "https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1"
},
{
"url": "https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4"
},
{
"url": "https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829"
}
],
"title": "s390/ptrace: handle setting of fpc register correctly",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52598",
"datePublished": "2024-03-06T06:45:27.127Z",
"dateReserved": "2024-03-02T21:55:42.572Z",
"dateUpdated": "2025-05-04T07:39:30.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26749 (GCVE-0-2024-26749)
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2025-05-04 08:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
...
cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);
list_del_init(&priv_req->list);
...
'priv_req' actually free at cdns3_gadget_ep_free_request(). But
list_del_init() use priv_req->list after it.
[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4
[ 1542.642868][ T534]
[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):
[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4
[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]
[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4
[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8
[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368
[ 1542.685478][ T534] ffs_func_disable+0x18/0x28
Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this
problem.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe Version: 7733f6c32e36ff9d7adadf40001039bf219b1cbe |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:51:44.326857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:16.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa9abb5570c489dabf6f7fb3a066cc576fc8824",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "b40328eea93c75a5645891408010141a0159f643",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "4e5c73b15d95452c1ba9c771dd013a3fbe052ff3",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "2134e9906e17b1e5284300fab547869ebacfd7d9",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "29e42e1578a10c611b3f1a38f3229b2d664b5d16",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "9a07244f614bc417de527b799da779dcae780b5d",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
},
{
"lessThan": "cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6",
"status": "affected",
"version": "7733f6c32e36ff9d7adadf40001039bf219b1cbe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/cdns3/cdns3-gadget.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.270",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.80",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.7",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n ...\n cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, \u0026priv_req-\u003erequest);\n list_del_init(\u0026priv_req-\u003elist);\n ...\n\n\u0027priv_req\u0027 actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req-\u003elist after it.\n\n[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][ T534]\n[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4\n[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368\n[ 1542.685478][ T534] ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:55:37.922Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824"
},
{
"url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643"
},
{
"url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3"
},
{
"url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9"
},
{
"url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16"
},
{
"url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d"
},
{
"url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6"
}
],
"title": "usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26749",
"datePublished": "2024-04-03T17:00:35.762Z",
"dateReserved": "2024-02-19T14:20:24.169Z",
"dateUpdated": "2025-05-04T08:55:37.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35835 (GCVE-0-2024-35835)
Vulnerability from cvelistv5
Published
2024-05-17 14:02
Modified
2025-05-04 09:06
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
When `in` allocated by kvzalloc fails, arfs_create_groups will free
ft->g and return an error. However, arfs_create_table, the only caller of
arfs_create_groups, will hold this error and call to
mlx5e_destroy_flow_table, in which the ft->g will be freed again.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c Version: 1cabe6b0965ec067ac60e8f182f16d479a3b9a5c |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:01:13.319923Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:08:42.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3d3ed8c152971dbe64c92c9ecb98fdb52abb629",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "2501afe6c4c9829d03abe9a368b83d9ea1b611b7",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "c57ca114eb00e03274dd38108d07a3750fa3c056",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "42876db001bbea7558e8676d1019f08f9390addb",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "66cc521a739ccd5da057a1cb3d6346c6d0e7619b",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
},
{
"lessThan": "3c6d5189246f590e4e1f167991558bdb72a4738b",
"status": "affected",
"version": "1cabe6b0965ec067ac60e8f182f16d479a3b9a5c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a double-free in arfs_create_groups\n\nWhen `in` allocated by kvzalloc fails, arfs_create_groups will free\nft-\u003eg and return an error. However, arfs_create_table, the only caller of\narfs_create_groups, will hold this error and call to\nmlx5e_destroy_flow_table, in which the ft-\u003eg will be freed again."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:28.425Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629"
},
{
"url": "https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7"
},
{
"url": "https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5"
},
{
"url": "https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056"
},
{
"url": "https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb"
},
{
"url": "https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7"
},
{
"url": "https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d0e7619b"
},
{
"url": "https://git.kernel.org/stable/c/3c6d5189246f590e4e1f167991558bdb72a4738b"
}
],
"title": "net/mlx5e: fix a double-free in arfs_create_groups",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35835",
"datePublished": "2024-05-17T14:02:23.469Z",
"dateReserved": "2024-05-17T13:50:33.103Z",
"dateUpdated": "2025-05-04T09:06:28.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26675 (GCVE-0-2024-26675)
Vulnerability from cvelistv5
Published
2024-04-02 07:01
Modified
2025-05-04 08:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K
syzbot triggered a warning [1] in __alloc_pages():
WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)
Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")
Adopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)
[1]:
WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
Modules linked in:
CPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events_unbound flush_to_ldisc
pstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543
lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537
sp : ffff800093967580
x29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000
x26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0
x23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8
x20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120
x17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005
x14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000
x11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001
x8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0
Call trace:
__alloc_pages+0x308/0x698 mm/page_alloc.c:4543
__alloc_pages_node include/linux/gfp.h:238 [inline]
alloc_pages_node include/linux/gfp.h:261 [inline]
__kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926
__do_kmalloc_node mm/slub.c:3969 [inline]
__kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001
kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590
__alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651
__netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715
netdev_alloc_skb include/linux/skbuff.h:3235 [inline]
dev_alloc_skb include/linux/skbuff.h:3248 [inline]
ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]
ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341
tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390
tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37
receive_buf drivers/tty/tty_buffer.c:444 [inline]
flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494
process_one_work+0x694/0x1204 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x938/0xef4 kernel/workqueue.c:2787
kthread+0x288/0x310 kernel/kthread.c:388
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:26.335519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:36.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "56fae81633ccee307cfcb032f706bf1863a56982",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b06e067e93fa4b98acfd3a9f38a398ab91bbc58b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e2c4846b2507f6dfc9bea72b7567c2693a82a16",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7e5ef49670766c9742ffcd9cead7cdb018268719",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "210d938f963dddc543b07e66a79b7d8d4bd00bd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "cb88cb53badb8aeb3955ad6ce80b07b598e310b8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ppp/ppp_async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order \u003e MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 (\"ppp: limit MRU to 64K\")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n __do_kmalloc_node mm/slub.c:3969 [inline]\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:53:42.211Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed"
},
{
"url": "https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982"
},
{
"url": "https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b"
},
{
"url": "https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3"
},
{
"url": "https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16"
},
{
"url": "https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719"
},
{
"url": "https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8"
},
{
"url": "https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8"
}
],
"title": "ppp_async: limit MRU to 64K",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26675",
"datePublished": "2024-04-02T07:01:40.054Z",
"dateReserved": "2024-02-19T14:20:24.151Z",
"dateUpdated": "2025-05-04T08:53:42.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52607 (GCVE-0-2023-52607)
Vulnerability from cvelistv5
Published
2024-03-06 06:45
Modified
2025-05-21 08:49
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
kasprintf() returns a pointer to dynamically allocated memory
which can be NULL upon failure. Ensure the allocation was successful
by checking the pointer validity.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 Version: a0668cdc154e54bf0c85182e0535eea237d53146 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-06T15:59:58.884148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T21:10:22.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21e45a7b08d7cd98d6a53c5fc5111879f2d96611",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f6781add1c311c17eff43e14c786004bbacf901e",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ac3ed969a40357b0542d20f096a6d43acdfa6cc7",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "d482d61025e303a2bef3733a011b6b740215cfa1",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "145febd85c3bcc5c74d87ef9a598fc7d9122d532",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "ffd29dc45bc0355393859049f6becddc3ed08f74",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
},
{
"lessThan": "f46c8a75263f97bda13c739ba1c90aced0d3b071",
"status": "affected",
"version": "a0668cdc154e54bf0c85182e0535eea237d53146",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/mm/init-common.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.77",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.16",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.4",
"versionStartIncluding": "2.6.33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm: Fix null-pointer dereference in pgtable_cache_add\n\nkasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:49:48.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611"
},
{
"url": "https://git.kernel.org/stable/c/f6781add1c311c17eff43e14c786004bbacf901e"
},
{
"url": "https://git.kernel.org/stable/c/aa28eecb43cac6e20ef14dfc50b8892c1fbcda5b"
},
{
"url": "https://git.kernel.org/stable/c/ac3ed969a40357b0542d20f096a6d43acdfa6cc7"
},
{
"url": "https://git.kernel.org/stable/c/d482d61025e303a2bef3733a011b6b740215cfa1"
},
{
"url": "https://git.kernel.org/stable/c/145febd85c3bcc5c74d87ef9a598fc7d9122d532"
},
{
"url": "https://git.kernel.org/stable/c/ffd29dc45bc0355393859049f6becddc3ed08f74"
},
{
"url": "https://git.kernel.org/stable/c/f46c8a75263f97bda13c739ba1c90aced0d3b071"
}
],
"title": "powerpc/mm: Fix null-pointer dereference in pgtable_cache_add",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52607",
"datePublished": "2024-03-06T06:45:31.769Z",
"dateReserved": "2024-03-02T21:55:42.574Z",
"dateUpdated": "2025-05-21T08:49:48.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27412 (GCVE-0-2024-27412)
Vulnerability from cvelistv5
Published
2024-05-17 11:50
Modified
2025-05-04 12:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx-i2c: Do not free non existing IRQ
The bq27xxx i2c-client may not have an IRQ, in which case
client->irq will be 0. bq27xxx_battery_i2c_probe() already has
an if (client->irq) check wrapping the request_threaded_irq().
But bq27xxx_battery_i2c_remove() unconditionally calls
free_irq(client->irq) leading to:
[ 190.310742] ------------[ cut here ]------------
[ 190.310843] Trying to free already-free IRQ 0
[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310
Followed by a backtrace when unbinding the driver. Add
an if (client->irq) to bq27xxx_battery_i2c_remove() mirroring
probe() to fix this.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 76d2ed844def0cb8704d766924b07b2a918b3e30 Version: dafe9136be7b7fc30f1f3ca410c15b7cc65bee44 Version: 1da9a4b55a6688e3a30c16d0cf2e7c6a90a684fb Version: e01820a94aea99296e500f54b3f36a2985061045 Version: e65fee45687fa2109e03056a696dc7d68a151296 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: 444ff00734f3878cd54ddd1ed5e2e6dbea9326d5 Version: ca4a2ddd2e69ca82ca5992d4c49649b2cbac3b74 Version: 28960625adaaf3fa3d83c8d3596661d2576d0a83 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:37:48.619858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:52:19.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:34:52.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/bq27xxx_battery_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa",
"status": "affected",
"version": "76d2ed844def0cb8704d766924b07b2a918b3e30",
"versionType": "git"
},
{
"lessThan": "7394abc8926adee6a817bab10797e0adc898af77",
"status": "affected",
"version": "dafe9136be7b7fc30f1f3ca410c15b7cc65bee44",
"versionType": "git"
},
{
"lessThan": "d7acc4a569f5f4513120c85ea2b9f04909b7490f",
"status": "affected",
"version": "1da9a4b55a6688e3a30c16d0cf2e7c6a90a684fb",
"versionType": "git"
},
{
"lessThan": "e601ae81910ce6a3797876e190a2d8ef6cf828bc",
"status": "affected",
"version": "e01820a94aea99296e500f54b3f36a2985061045",
"versionType": "git"
},
{
"lessThan": "cefe18e9ec84f8fe3e198ccebb815cc996eb9797",
"status": "affected",
"version": "e65fee45687fa2109e03056a696dc7d68a151296",
"versionType": "git"
},
{
"lessThan": "fbca8bae1ba79d443a58781b45e92a73a24ac8f8",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"lessThan": "083686474e7c97b0f8b66df37fcb64e432e8b771",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"lessThan": "2df70149e73e79783bcbc7db4fa51ecef0e2022c",
"status": "affected",
"version": "444ff00734f3878cd54ddd1ed5e2e6dbea9326d5",
"versionType": "git"
},
{
"status": "affected",
"version": "ca4a2ddd2e69ca82ca5992d4c49649b2cbac3b74",
"versionType": "git"
},
{
"status": "affected",
"version": "28960625adaaf3fa3d83c8d3596661d2576d0a83",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/power/supply/bq27xxx_battery_i2c.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.309",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.271",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.212",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.151",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.309",
"versionStartIncluding": "4.19.284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.271",
"versionStartIncluding": "5.4.244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.212",
"versionStartIncluding": "5.10.181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.151",
"versionStartIncluding": "5.15.114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.81",
"versionStartIncluding": "6.1.31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.21",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: bq27xxx-i2c: Do not free non existing IRQ\n\nThe bq27xxx i2c-client may not have an IRQ, in which case\nclient-\u003eirq will be 0. bq27xxx_battery_i2c_probe() already has\nan if (client-\u003eirq) check wrapping the request_threaded_irq().\n\nBut bq27xxx_battery_i2c_remove() unconditionally calls\nfree_irq(client-\u003eirq) leading to:\n\n[ 190.310742] ------------[ cut here ]------------\n[ 190.310843] Trying to free already-free IRQ 0\n[ 190.310861] WARNING: CPU: 2 PID: 1304 at kernel/irq/manage.c:1893 free_irq+0x1b8/0x310\n\nFollowed by a backtrace when unbinding the driver. Add\nan if (client-\u003eirq) to bq27xxx_battery_i2c_remove() mirroring\nprobe() to fix this."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:35.363Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d4d813c0a14d6bf52d810a55db06a2e7e3d98eaa"
},
{
"url": "https://git.kernel.org/stable/c/7394abc8926adee6a817bab10797e0adc898af77"
},
{
"url": "https://git.kernel.org/stable/c/d7acc4a569f5f4513120c85ea2b9f04909b7490f"
},
{
"url": "https://git.kernel.org/stable/c/e601ae81910ce6a3797876e190a2d8ef6cf828bc"
},
{
"url": "https://git.kernel.org/stable/c/cefe18e9ec84f8fe3e198ccebb815cc996eb9797"
},
{
"url": "https://git.kernel.org/stable/c/fbca8bae1ba79d443a58781b45e92a73a24ac8f8"
},
{
"url": "https://git.kernel.org/stable/c/083686474e7c97b0f8b66df37fcb64e432e8b771"
},
{
"url": "https://git.kernel.org/stable/c/2df70149e73e79783bcbc7db4fa51ecef0e2022c"
}
],
"title": "power: supply: bq27xxx-i2c: Do not free non existing IRQ",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27412",
"datePublished": "2024-05-17T11:50:50.323Z",
"dateReserved": "2024-02-25T13:47:42.682Z",
"dateUpdated": "2025-05-04T12:55:35.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26722 (GCVE-0-2024-26722)
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2025-05-04 08:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
is left locked forever. That may lead to deadlock
when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 48ce529c83522944f116f03884819051f44f0fb6 Version: b67005b284ddaf62043468d1ce5905c17d85b0e6 Version: ffe13302b8fd486f80c98019bdcb7f3e512d0eda Version: 7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9 Version: 1613195bf31e68b192bc731bea71726773e3482f Version: 8f82f2e4d9c4966282e494ae67b0bc05a6c2b904 Version: cdba4301adda7c60a2064bf808e48fccd352aaa9 Version: cdba4301adda7c60a2064bf808e48fccd352aaa9 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26722",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:40:07.128865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:40.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3dd2d99e2352903d0e0b8769e6c9b8293c7454b2",
"status": "affected",
"version": "48ce529c83522944f116f03884819051f44f0fb6",
"versionType": "git"
},
{
"lessThan": "422d5243b9f780abd3d39da2b746e3915677b07d",
"status": "affected",
"version": "b67005b284ddaf62043468d1ce5905c17d85b0e6",
"versionType": "git"
},
{
"lessThan": "4a98bc739d0753a5810ce5630943cd7614c7717e",
"status": "affected",
"version": "ffe13302b8fd486f80c98019bdcb7f3e512d0eda",
"versionType": "git"
},
{
"lessThan": "d14b8e2005f36319df9412d42037416d64827f6b",
"status": "affected",
"version": "7a3ff8a2bb2620ba6a806f0967c38be1a8d306d9",
"versionType": "git"
},
{
"lessThan": "1f0d7792e9023e8658e901b7b76a555f6aa052ec",
"status": "affected",
"version": "1613195bf31e68b192bc731bea71726773e3482f",
"versionType": "git"
},
{
"lessThan": "050ad2ca0ac169dd9e552075d2c6af1bbb46534c",
"status": "affected",
"version": "8f82f2e4d9c4966282e494ae67b0bc05a6c2b904",
"versionType": "git"
},
{
"lessThan": "ed5b8b735369b40d6c1f8ef3e62d369f74b4c491",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
},
{
"lessThan": "6ef5d5b92f7117b324efaac72b3db27ae8bb3082",
"status": "affected",
"version": "cdba4301adda7c60a2064bf808e48fccd352aaa9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/codecs/rt5645.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "4.19.306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "5.4.268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.10.209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.15.148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "6.1.74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "6.6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "6.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()\n\nThere is a path in rt5645_jack_detect_work(), where rt5645-\u003ejd_mutex\nis left locked forever. That may lead to deadlock\nwhen rt5645_jack_detect_work() is called for the second time.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:54:54.183Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2"
},
{
"url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d"
},
{
"url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e"
},
{
"url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b"
},
{
"url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec"
},
{
"url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c"
},
{
"url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491"
},
{
"url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082"
}
],
"title": "ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26722",
"datePublished": "2024-04-03T14:55:21.709Z",
"dateReserved": "2024-02-19T14:20:24.163Z",
"dateUpdated": "2025-05-04T08:54:54.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52813 (GCVE-0-2023-52813)
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2025-07-15 15:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: pcrypt - Fix hungtask for PADATA_RESET
We found a hungtask bug in test_aead_vec_cfg as follows:
INFO: task cryptomgr_test:391009 blocked for more than 120 seconds.
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Call trace:
__switch_to+0x98/0xe0
__schedule+0x6c4/0xf40
schedule+0xd8/0x1b4
schedule_timeout+0x474/0x560
wait_for_common+0x368/0x4e0
wait_for_completion+0x20/0x30
wait_for_completion+0x20/0x30
test_aead_vec_cfg+0xab4/0xd50
test_aead+0x144/0x1f0
alg_test_aead+0xd8/0x1e0
alg_test+0x634/0x890
cryptomgr_test+0x40/0x70
kthread+0x1e0/0x220
ret_from_fork+0x10/0x18
Kernel panic - not syncing: hung_task: blocked tasks
For padata_do_parallel, when the return err is 0 or -EBUSY, it will call
wait_for_completion(&wait->completion) in test_aead_vec_cfg. In normal
case, aead_request_complete() will be called in pcrypt_aead_serial and the
return err is 0 for padata_do_parallel. But, when pinst->flags is
PADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it
won't call aead_request_complete(). Therefore, test_aead_vec_cfg will
hung at wait_for_completion(&wait->completion), which will cause
hungtask.
The problem comes as following:
(padata_do_parallel) |
rcu_read_lock_bh(); |
err = -EINVAL; | (padata_replace)
| pinst->flags |= PADATA_RESET;
err = -EBUSY |
if (pinst->flags & PADATA_RESET) |
rcu_read_unlock_bh() |
return err
In order to resolve the problem, we replace the return err -EBUSY with
-EAGAIN, which means parallel_data is changing, and the caller should call
it again.
v3:
remove retry and just change the return err.
v2:
introduce padata_try_do_parallel() in pcrypt_aead_encrypt and
pcrypt_aead_decrypt to solve the hungtask.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ► | Linux | Linux |
Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 Version: 16295bec6398a3eedc9377e1af6ff4c71b98c300 |
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52813",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T17:18:51.048604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:13.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/pcrypt.c",
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb2d3a50a8f29a3c66682bb426144f40e32ab818",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "039fec48e062504f14845124a1a25eb199b2ddc0",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "c9c1334697301c10e6918d747ed38abfbc0c96e7",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "e97bf4ada7dddacd184c3e196bd063b0dc71b41d",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "546c1796ad1ed0d87dab3c4b5156d75819be2316",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "c55fc098fd9d2dca475b82d00ffbcaf97879d77e",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "e134f3aba98e6c801a693f540912c2d493718ddf",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "372636debe852913529b1716f44addd94fff2d28",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
},
{
"lessThan": "8f4f68e788c3a7a696546291258bfa5fdb215523",
"status": "affected",
"version": "16295bec6398a3eedc9377e1af6ff4c71b98c300",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/pcrypt.c",
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Fix hungtask for PADATA_RESET\n\nWe found a hungtask bug in test_aead_vec_cfg as follows:\n\nINFO: task cryptomgr_test:391009 blocked for more than 120 seconds.\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\nCall trace:\n __switch_to+0x98/0xe0\n __schedule+0x6c4/0xf40\n schedule+0xd8/0x1b4\n schedule_timeout+0x474/0x560\n wait_for_common+0x368/0x4e0\n wait_for_completion+0x20/0x30\n wait_for_completion+0x20/0x30\n test_aead_vec_cfg+0xab4/0xd50\n test_aead+0x144/0x1f0\n alg_test_aead+0xd8/0x1e0\n alg_test+0x634/0x890\n cryptomgr_test+0x40/0x70\n kthread+0x1e0/0x220\n ret_from_fork+0x10/0x18\n Kernel panic - not syncing: hung_task: blocked tasks\n\nFor padata_do_parallel, when the return err is 0 or -EBUSY, it will call\nwait_for_completion(\u0026wait-\u003ecompletion) in test_aead_vec_cfg. In normal\ncase, aead_request_complete() will be called in pcrypt_aead_serial and the\nreturn err is 0 for padata_do_parallel. But, when pinst-\u003eflags is\nPADATA_RESET, the return err is -EBUSY for padata_do_parallel, and it\nwon\u0027t call aead_request_complete(). Therefore, test_aead_vec_cfg will\nhung at wait_for_completion(\u0026wait-\u003ecompletion), which will cause\nhungtask.\n\nThe problem comes as following:\n(padata_do_parallel) |\n rcu_read_lock_bh(); |\n err = -EINVAL; | (padata_replace)\n | pinst-\u003eflags |= PADATA_RESET;\n err = -EBUSY |\n if (pinst-\u003eflags \u0026 PADATA_RESET) |\n rcu_read_unlock_bh() |\n return err\n\nIn order to resolve the problem, we replace the return err -EBUSY with\n-EAGAIN, which means parallel_data is changing, and the caller should call\nit again.\n\nv3:\nremove retry and just change the return err.\nv2:\nintroduce padata_try_do_parallel() in pcrypt_aead_encrypt and\npcrypt_aead_decrypt to solve the hungtask."
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T15:43:50.801Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb2d3a50a8f29a3c66682bb426144f40e32ab818"
},
{
"url": "https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0"
},
{
"url": "https://git.kernel.org/stable/c/c9c1334697301c10e6918d747ed38abfbc0c96e7"
},
{
"url": "https://git.kernel.org/stable/c/e97bf4ada7dddacd184c3e196bd063b0dc71b41d"
},
{
"url": "https://git.kernel.org/stable/c/546c1796ad1ed0d87dab3c4b5156d75819be2316"
},
{
"url": "https://git.kernel.org/stable/c/c55fc098fd9d2dca475b82d00ffbcaf97879d77e"
},
{
"url": "https://git.kernel.org/stable/c/e134f3aba98e6c801a693f540912c2d493718ddf"
},
{
"url": "https://git.kernel.org/stable/c/372636debe852913529b1716f44addd94fff2d28"
},
{
"url": "https://git.kernel.org/stable/c/8f4f68e788c3a7a696546291258bfa5fdb215523"
}
],
"title": "crypto: pcrypt - Fix hungtask for PADATA_RESET",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52813",
"datePublished": "2024-05-21T15:31:21.604Z",
"dateReserved": "2024-05-21T15:19:24.248Z",
"dateUpdated": "2025-07-15T15:43:50.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…