csaf_suse - suse-su-2025:0703-1

suse-su-2025:0703-1

Vulnerability from csaf_suse

Published

2025-02-24 18:03

Modified

2025-02-24 18:03

Summary

Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)

Description of the patch

This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues. The following security issues were fixed: - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1228585). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1227371). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).

Patchnames

SUSE-2025-703,SUSE-2025-705,SUSE-SLE-Module-Live-Patching-15-SP3-2025-703,SUSE-SLE-Module-Live-Patching-15-SP5-2025-705

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.14.21-150500_55_62 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1228585).\n- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1227371).\n- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1236783).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-703,SUSE-2025-705,SUSE-SLE-Module-Live-Patching-15-SP3-2025-703,SUSE-SLE-Module-Live-Patching-15-SP5-2025-705",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0703-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:0703-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250703-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:0703-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020428.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227371",
        "url": "https://bugzilla.suse.com/1227371"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1228585",
        "url": "https://bugzilla.suse.com/1228585"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236783",
        "url": "https://bugzilla.suse.com/1236783"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-36974 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-36974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-40956 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-40956/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-53104 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-53104/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)",
    "tracking": {
      "current_release_date": "2025-02-24T18:03:39Z",
      "generator": {
        "date": "2025-02-24T18:03:39Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:0703-1",
      "initial_release_date": "2025-02-24T18:03:39Z",
      "revision_history": [
        {
          "date": "2025-02-24T18:03:39Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_167-preempt-8-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_167-preempt-8-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_167-preempt-8-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-36974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev-\u003enum_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-36974",
          "url": "https://www.suse.com/security/cve/CVE-2024-36974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226519 for CVE-2024-36974",
          "url": "https://bugzilla.suse.com/1226519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227371 for CVE-2024-36974",
          "url": "https://bugzilla.suse.com/1227371"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-24T18:03:39Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-36974"
    },
    {
      "cve": "CVE-2024-40956",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-40956"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-40956",
          "url": "https://www.suse.com/security/cve/CVE-2024-40956"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1227810 for CVE-2024-40956",
          "url": "https://bugzilla.suse.com/1227810"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1228585 for CVE-2024-40956",
          "url": "https://bugzilla.suse.com/1228585"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-24T18:03:39Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-40956"
    },
    {
      "cve": "CVE-2024-53104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-53104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-53104",
          "url": "https://www.suse.com/security/cve/CVE-2024-53104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1234025 for CVE-2024-53104",
          "url": "https://bugzilla.suse.com/1234025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1236783 for CVE-2024-53104",
          "url": "https://bugzilla.suse.com/1236783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-8-150300.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_62-default-11-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-02-24T18:03:39Z",
          "details": "important"
        }
      ],
      "title": "CVE-2024-53104"
    }
  ]
}

CVE-2024-40956 (GCVE-0-2024-40956)

Vulnerability from cvelistv5

Published

2024-07-12 12:31

Modified

2025-05-04 09:18

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.

References

►

URL

Tags

	https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33
	https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5
	https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8
	https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd
	https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7

Impacted products

Vendor

Product

Version

►

Linux

Version: 16e19e11228ba660d9e322035635e7dcf160d5c2
Version: 16e19e11228ba660d9e322035635e7dcf160d5c2
Version: 16e19e11228ba660d9e322035635e7dcf160d5c2
Version: 16e19e11228ba660d9e322035635e7dcf160d5c2
Version: 16e19e11228ba660d9e322035635e7dcf160d5c2

Linux

Version: 5.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:42.094021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:24.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1b08bf5a17c66ab7dbb628df5344da53c8e7ab33",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "83163667d881100a485b6c2daa30301b7f68d9b5",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "faa35db78b058a2ab6e074ee283f69fa398c36a8",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "a14968921486793f2a956086895c3793761309dd",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "e3215deca4520773cd2b155bed164c12365149a7",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:44.775Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
        },
        {
          "url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
        }
      ],
      "title": "dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40956",
    "datePublished": "2024-07-12T12:31:59.027Z",
    "dateReserved": "2024-07-12T12:17:45.593Z",
    "dateUpdated": "2025-05-04T09:18:44.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36974 (GCVE-0-2024-36974)

Vulnerability from cvelistv5

Published

2024-06-18 19:15

Modified

2025-05-04 09:13

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.

References

►

URL

Tags

	https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec
	https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b
	https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923
	https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c
	https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404
	https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2
	https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36

Impacted products

Vendor

Product

Version

►

Linux

Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version: a3d43c0d56f1b94e74963a2fbadfb70126d92213

Linux

Version: 5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:26.013777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:58.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c6041e7124464ce7e896ee3f912897ce88a0c4ec",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "6db4af09987cc5d5f0136bd46148b0e0460dae5b",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "d3dde4c217f0c31ab0621912e682b57e677dd923",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "0bf6cc96612bd396048f57d63f1ad454a846e39c",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "724050ae4b76e4fae05a923cb54101d792cf4404",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "c37a27a35eadb59286c9092c49c241270c802ae2",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            },
            {
              "lessThan": "f921a58ae20852d188f70842431ce6519c4fdc36",
              "status": "affected",
              "version": "a3d43c0d56f1b94e74963a2fbadfb70126d92213",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP\n\nIf one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,\ntaprio_parse_mqprio_opt() must validate it, or userspace\ncan inject arbitrary data to the kernel, the second time\ntaprio_change() is called.\n\nFirst call (with valid attributes) sets dev-\u003enum_tc\nto a non zero value.\n\nSecond call (with arbitrary mqprio attributes)\nreturns early from taprio_parse_mqprio_opt()\nand bad things can happen."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:10.176Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c6041e7124464ce7e896ee3f912897ce88a0c4ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/6db4af09987cc5d5f0136bd46148b0e0460dae5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3dde4c217f0c31ab0621912e682b57e677dd923"
        },
        {
          "url": "https://git.kernel.org/stable/c/0bf6cc96612bd396048f57d63f1ad454a846e39c"
        },
        {
          "url": "https://git.kernel.org/stable/c/724050ae4b76e4fae05a923cb54101d792cf4404"
        },
        {
          "url": "https://git.kernel.org/stable/c/c37a27a35eadb59286c9092c49c241270c802ae2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f921a58ae20852d188f70842431ce6519c4fdc36"
        }
      ],
      "title": "net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36974",
    "datePublished": "2024-06-18T19:15:07.892Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2025-05-04T09:13:10.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-53104 (GCVE-0-2024-53104)

Vulnerability from cvelistv5

Published

2024-12-02 07:29

Modified

2025-07-30 01:36

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.

References

►

URL

Tags

	https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8
	https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae
	https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773
	https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29
	https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6
	https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d
	https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5
	https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f
	https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd

Impacted products

Vendor

Product

Version

►

Linux

Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c
Version: c0efd232929c2cd87238de2cccdaf4e845be5b0c

Linux

Version: 2.6.26

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-53104",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-21T13:29:32.093245Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-05",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53104"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:36:24.519Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-05T00:00:00+00:00",
            "value": "CVE-2024-53104 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/uvc/uvc_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "684022f81f128338fe3587ec967459669a1204ae",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "faff5bbb2762c44ec7426037b3000e77a11d6773",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "467d84dc78c9abf6b217ada22b3fdba336262e29",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "beced2cb09b58c1243733f374c560a55382003d6",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "575a562f7a3ec2d54ff77ab6810e3fbceef2a91d",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "622ad10aae5f5e03b7927ea95f7f32812f692bb5",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "1ee9d9122801eb688783acd07791f2906b87cb4f",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            },
            {
              "lessThan": "ecf2b43018da9579842c774b7f35dbe11b5c38dd",
              "status": "affected",
              "version": "c0efd232929c2cd87238de2cccdaf4e845be5b0c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/uvc/uvc_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.324",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.230",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.172",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.117",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.324",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.230",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.172",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.117",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.61",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.8",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.1",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format\n\nThis can lead to out of bounds writes since frames of this type were not\ntaken into account when calculating the size of the frames buffer in\nuvc_parse_streaming."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:53:07.798Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8"
        },
        {
          "url": "https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773"
        },
        {
          "url": "https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29"
        },
        {
          "url": "https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d"
        },
        {
          "url": "https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812f692bb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ee9d9122801eb688783acd07791f2906b87cb4f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ecf2b43018da9579842c774b7f35dbe11b5c38dd"
        }
      ],
      "title": "media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53104",
    "datePublished": "2024-12-02T07:29:27.261Z",
    "dateReserved": "2024-11-19T17:17:24.985Z",
    "dateUpdated": "2025-07-30T01:36:24.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:0703-1

Vulnerability from csaf_suse

CVE-2024-40956 (GCVE-0-2024-40956)

Vulnerability from cvelistv5

CVE-2024-36974 (GCVE-0-2024-36974)

Vulnerability from cvelistv5

CVE-2024-53104 (GCVE-0-2024-53104)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature