{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44988",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:54.931496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:00.834Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/global1_atu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4a88fca95c8df3746b71e31f44a02d35f06f9864",
              "status": "affected",
              "version": "27a2fa0098171199022affa76bdf15d77585457f",
              "versionType": "git"
            },
            {
              "lessThan": "d39f5be62f098fe367d672b4dd4bc4b2b80e08e7",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "050e7274ab2150cd212b2372595720e7b83a15bd",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "a10d0337115a6d223a1563d853d4455f05d0b2e3",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "18b2e833daf049223ab3c2efdf8cdee08854c484",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "f7d8c2fabd39250cf2333fbf8eef67e837f90a5d",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "f87ce03c652dba199aef15ac18ade3991db5477e",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            },
            {
              "lessThan": "528876d867a23b5198022baf2e388052ca67c952",
              "status": "affected",
              "version": "75c05a74e745ae7d663b04d75777af80ada2233c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/mv88e6xxx/global1_atu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mv88e6xxx: Fix out-of-bound access\n\nIf an ATU violation was caused by a CPU Load operation, the SPID could\nbe larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:43.429Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4a88fca95c8df3746b71e31f44a02d35f06f9864"
        },
        {
          "url": "https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484"
        },
        {
          "url": "https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e"
        },
        {
          "url": "https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952"
        }
      ],
      "title": "net: dsa: mv88e6xxx: Fix out-of-bound access",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44988",
    "datePublished": "2024-09-04T19:54:36.168Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:43.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:26.389987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:37.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/parisc/Kconfig",
            "arch/parisc/include/asm/cache.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00baca74fb5879e5f9034b6156671301f500f8ee",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "642a0b7453daff0295310774016fcb56d1f5bc7f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "533de2f470baac40d3bf622fe631f15231a03c9f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7ae04ba36b381bffe2471eff3a93edced843240f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/parisc/Kconfig",
            "arch/parisc/include/asm/cache.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: fix a possible DMA corruption\n\nARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be\npossible that two unrelated 16-byte allocations share a cache line. If\none of these allocations is written using DMA and the other is written\nusing cached write, the value that was written with DMA may be\ncorrupted.\n\nThis commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 -\nthat\u0027s the largest possible cache line size.\n\nAs different parisc microarchitectures have different cache line size, we\ndefine arch_slab_minalign(), cache_line_size() and\ndma_get_cache_alignment() so that the kernel may tune slab cache\nparameters dynamically, based on the detected cache line size."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-24T16:01:30.995Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00baca74fb5879e5f9034b6156671301f500f8ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f"
        }
      ],
      "title": "parisc: fix a possible DMA corruption",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44949",
    "datePublished": "2024-09-04T18:35:49.788Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2025-01-24T16:01:30.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:30.735328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_flat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3a684499261d0f7ed5ee72793025c88c2276809c",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "af65d5383854cc3f172a7d0843b628758bf462c8",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "49df34d2b7da9e57c839555a2f7877291ce45ad1",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "9350ba06ee61db392c486716ac68ecc20e030f7c",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            },
            {
              "lessThan": "3eb3cd5992f7a0c37edc8d05b4c38c98758d8671",
              "status": "affected",
              "version": "04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/binfmt_flat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.47",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinfmt_flat: Fix corruption when not offsetting data start\n\nCommit 04d82a6d0881 (\"binfmt_flat: allow not offsetting data start\")\nintroduced a RISC-V specific variant of the FLAT format which does\nnot allocate any space for the (obsolete) array of shared library\npointers. However, it did not disable the code which initializes the\narray, resulting in the corruption of sizeof(long) bytes before the DATA\nsegment, generally the end of the TEXT segment.\n\nIntroduce MAX_SHARED_LIBS_UPDATE which depends on the state of\nCONFIG_BINFMT_FLAT_NO_DATA_START_OFFSET to guard the initialization of\nthe shared library pointer region so that it will only be initialized\nif space is reserved for it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:16.557Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3a684499261d0f7ed5ee72793025c88c2276809c"
        },
        {
          "url": "https://git.kernel.org/stable/c/af65d5383854cc3f172a7d0843b628758bf462c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/49df34d2b7da9e57c839555a2f7877291ce45ad1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9350ba06ee61db392c486716ac68ecc20e030f7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3eb3cd5992f7a0c37edc8d05b4c38c98758d8671"
        }
      ],
      "title": "binfmt_flat: Fix corruption when not offsetting data start",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44966",
    "datePublished": "2024-09-04T18:38:45.625Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:16.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:20:40.351052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:03.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_sched_job.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "98aa0330f200b9b8fb9e1298e006eda57a13351c",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            },
            {
              "lessThan": "9e7f30563677fbeff62d368d5d2a5ac7aaa9746a",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_sched_job.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Free job before xe_exec_queue_put\n\nFree job depends on job-\u003evm being valid, the last xe_exec_queue_put can\ndestroy the VM. Prevent UAF by freeing job before xe_exec_queue_put.\n\n(cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:31.118Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/98aa0330f200b9b8fb9e1298e006eda57a13351c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e7f30563677fbeff62d368d5d2a5ac7aaa9746a"
        }
      ],
      "title": "drm/xe: Free job before xe_exec_queue_put",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44978",
    "datePublished": "2024-09-04T19:54:29.559Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:31.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:26:21.490934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:14.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ddee5b4b6a1cc03c1e9921cf34382e094c2009f1",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "f2c865e9e3ca44fc06b5f73b29a954775e4dbb38",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "2b4f46f9503633dade75cb796dd1949d0e6581a1",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "0201d65d9806d287a00e0ba96f0321835631f63f",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            },
            {
              "lessThan": "48e50dcbcbaaf713d82bf2da5c16aeced94ad07d",
              "status": "affected",
              "version": "01cacb00b35cb62b139f07d5f84bcf0eeda8eff6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/pm_netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.226",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.167",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.109",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: avoid possible UaF when selecting endp\n\nselect_local_address() and select_signal_address() both select an\nendpoint entry from the list inside an RCU protected section, but return\na reference to it, to be read later on. If the entry is dereferenced\nafter the RCU unlock, reading info could cause a Use-after-Free.\n\nA simple solution is to copy the required info while inside the RCU\nprotected section to avoid any risk of UaF later. The address ID might\nneed to be modified later to handle the ID0 case later, so a copy seems\nOK to deal with."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:26.249Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ddee5b4b6a1cc03c1e9921cf34382e094c2009f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2c865e9e3ca44fc06b5f73b29a954775e4dbb38"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b4f46f9503633dade75cb796dd1949d0e6581a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0201d65d9806d287a00e0ba96f0321835631f63f"
        },
        {
          "url": "https://git.kernel.org/stable/c/48e50dcbcbaaf713d82bf2da5c16aeced94ad07d"
        }
      ],
      "title": "mptcp: pm: avoid possible UaF when selecting endp",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44974",
    "datePublished": "2024-09-04T19:54:26.917Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:26.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:40.169819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:39.348Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_ipv4.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f",
              "status": "affected",
              "version": "e9bd0cca09d13ac2f08d25e195203e42d4ad1ce8",
              "versionType": "git"
            },
            {
              "lessThan": "99580ae890ec8bd98b21a2a9c6668f8f1555b62e",
              "status": "affected",
              "version": "e9bd0cca09d13ac2f08d25e195203e42d4ad1ce8",
              "versionType": "git"
            },
            {
              "lessThan": "f6fd2dbf584a4047ba88d1369ff91c9851261ec1",
              "status": "affected",
              "version": "e9bd0cca09d13ac2f08d25e195203e42d4ad1ce8",
              "versionType": "git"
            },
            {
              "lessThan": "565d121b69980637f040eb4d84289869cdaabedf",
              "status": "affected",
              "version": "e9bd0cca09d13ac2f08d25e195203e42d4ad1ce8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_ipv4.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: prevent concurrent execution of tcp_sk_exit_batch\n\nIts possible that two threads call tcp_sk_exit_batch() concurrently,\nonce from the cleanup_net workqueue, once from a task that failed to clone\na new netns.  In the latter case, error unwinding calls the exit handlers\nin reverse order for the \u0027failed\u0027 netns.\n\ntcp_sk_exit_batch() calls tcp_twsk_purge().\nProblem is that since commit b099ce2602d8 (\"net: Batch inet_twsk_purge\"),\nthis function picks up twsk in any dying netns, not just the one passed\nin via exit_batch list.\n\nThis means that the error unwind of setup_net() can \"steal\" and destroy\ntimewait sockets belonging to the exiting netns.\n\nThis allows the netns exit worker to proceed to call\n\nWARN_ON_ONCE(!refcount_dec_and_test(\u0026net-\u003eipv4.tcp_death_row.tw_refcount));\n\nwithout the expected 1 -\u003e 0 transition, which then splats.\n\nAt same time, error unwind path that is also running inet_twsk_purge()\nwill splat as well:\n\nWARNING: .. at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210\n...\n refcount_dec include/linux/refcount.h:351 [inline]\n inet_twsk_kill+0x758/0x9c0 net/ipv4/inet_timewait_sock.c:70\n inet_twsk_deschedule_put net/ipv4/inet_timewait_sock.c:221\n inet_twsk_purge+0x725/0x890 net/ipv4/inet_timewait_sock.c:304\n tcp_sk_exit_batch+0x1c/0x170 net/ipv4/tcp_ipv4.c:3522\n ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n setup_net+0x714/0xb40 net/core/net_namespace.c:375\n copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n\n... because refcount_dec() of tw_refcount unexpectedly dropped to 0.\n\nThis doesn\u0027t seem like an actual bug (no tw sockets got lost and I don\u0027t\nsee a use-after-free) but as erroneous trigger of debug check.\n\nAdd a mutex to force strict ordering: the task that calls tcp_twsk_purge()\nblocks other task from doing final _dec_and_test before mutex-owner has\nremoved all tw sockets of dying netns."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:47.273Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3d9de3742f4d5c47ae35f888d3023a5b54fcd2f"
        },
        {
          "url": "https://git.kernel.org/stable/c/99580ae890ec8bd98b21a2a9c6668f8f1555b62e"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6fd2dbf584a4047ba88d1369ff91c9851261ec1"
        },
        {
          "url": "https://git.kernel.org/stable/c/565d121b69980637f040eb4d84289869cdaabedf"
        }
      ],
      "title": "tcp: prevent concurrent execution of tcp_sk_exit_batch",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44991",
    "datePublished": "2024-09-04T19:54:38.206Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:47.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:58.731411Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:12.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "f5dda8db382c5751c4e572afc7c99df7da1f83ca",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "cbb9a969fc190e85195d1b0f08038e7f6199044e",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "1f6b62392453d8f36685d19b761307a8c5617ac1",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "137d565ab89ce3584503b443bc9e00d44f482593",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "34ba4f29f3d9eb52dee37512059efb2afd7e966f",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "3939d787139e359b77aaf9485d1e145d6713d7b9",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            },
            {
              "lessThan": "3a3be7ff9224f424e485287b54be00d2c6bd9c40",
              "status": "affected",
              "version": "459aa660eb1d8ce67080da1983bb81d716aa5a69",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/gtp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: pull network headers in gtp_dev_xmit()\n\nsyzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1]\n\nWe must make sure the IPv4 or Ipv6 header is pulled in skb-\u003ehead\nbefore accessing fields in them.\n\nUse pskb_inet_may_pull() to fix this issue.\n\n[1]\nBUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  ipv6_pdp_find drivers/net/gtp.c:220 [inline]\n  gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]\n  gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281\n  __netdev_start_xmit include/linux/netdevice.h:4913 [inline]\n  netdev_start_xmit include/linux/netdevice.h:4922 [inline]\n  xmit_one net/core/dev.c:3580 [inline]\n  dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596\n  __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423\n  dev_queue_xmit include/linux/netdevice.h:3105 [inline]\n  packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n  packet_snd net/packet/af_packet.c:3145 [inline]\n  packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n  slab_post_alloc_hook mm/slub.c:3994 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080\n  kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583\n  __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674\n  alloc_skb include/linux/skbuff.h:1320 [inline]\n  alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526\n  sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815\n  packet_alloc_skb net/packet/af_packet.c:2994 [inline]\n  packet_snd net/packet/af_packet.c:3088 [inline]\n  packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x30f/0x380 net/socket.c:745\n  __sys_sendto+0x685/0x830 net/socket.c:2204\n  __do_sys_sendto net/socket.c:2216 [inline]\n  __se_sys_sendto net/socket.c:2212 [inline]\n  __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212\n  x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:57.034Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d89d0c4a1c6d4d2a755e826351b0a101dbc86f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5dda8db382c5751c4e572afc7c99df7da1f83ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbb9a969fc190e85195d1b0f08038e7f6199044e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f6b62392453d8f36685d19b761307a8c5617ac1"
        },
        {
          "url": "https://git.kernel.org/stable/c/137d565ab89ce3584503b443bc9e00d44f482593"
        },
        {
          "url": "https://git.kernel.org/stable/c/34ba4f29f3d9eb52dee37512059efb2afd7e966f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3939d787139e359b77aaf9485d1e145d6713d7b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a3be7ff9224f424e485287b54be00d2c6bd9c40"
        }
      ],
      "title": "gtp: pull network headers in gtp_dev_xmit()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44999",
    "datePublished": "2024-09-04T19:54:43.601Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:57.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:16.023485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:35.458Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/kvm/kvm-s390.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "051c0a558154174cfcea301a386e4c91ade83ce1",
              "status": "affected",
              "version": "fe0ef00304639cae82df7c9ad6a15286bd5f876e",
              "versionType": "git"
            },
            {
              "lessThan": "027ac3c5092561bccce09b314a73a1c167117ef6",
              "status": "affected",
              "version": "fe0ef00304639cae82df7c9ad6a15286bd5f876e",
              "versionType": "git"
            },
            {
              "lessThan": "5a44bb061d04b0306f2aa8add761d86d152b9377",
              "status": "affected",
              "version": "fe0ef00304639cae82df7c9ad6a15286bd5f876e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/s390/kvm/kvm-s390.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: fix validity interception issue when gisa is switched off\n\nWe might run into a SIE validity if gisa has been disabled either via using\nkernel parameter \"kvm.use_gisa=0\" or by setting the related sysfs\nattribute to N (echo N \u003e/sys/module/kvm/parameters/use_gisa).\n\nThe validity is caused by an invalid value in the SIE control block\u0027s\ngisa designation. That happens because we pass the uninitialized gisa\norigin to virt_to_phys() before writing it to the gisa designation.\n\nTo fix this we return 0 in kvm_s390_get_gisa_desc() if the origin is 0.\nkvm_s390_get_gisa_desc() is used to determine which gisa designation to\nset in the SIE control block. A value of 0 in the gisa designation disables\ngisa usage.\n\nThe issue surfaces in the host kernel with the following kernel message as\nsoon a new kvm guest start is attemted.\n\nkvm: unhandled validity intercept 0x1011\nWARNING: CPU: 0 PID: 781237 at arch/s390/kvm/intercept.c:101 kvm_handle_sie_intercept+0x42e/0x4d0 [kvm]\nModules linked in: vhost_net tap tun xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT xt_tcpudp nft_compat x_tables nf_nat_tftp nf_conntrack_tftp vfio_pci_core irqbypass vhost_vsock vmw_vsock_virtio_transport_common vsock vhost vhost_iotlb kvm nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables sunrpc mlx5_ib ib_uverbs ib_core mlx5_core uvdevice s390_trng eadm_sch vfio_ccw zcrypt_cex4 mdev vfio_iommu_type1 vfio sch_fq_codel drm i2c_core loop drm_panel_orientation_quirks configfs nfnetlink lcs ctcm fsm dm_service_time ghash_s390 prng chacha_s390 libchacha aes_s390 des_s390 libdes sha3_512_s390 sha3_256_s390 sha512_s390 sha256_s390 sha1_s390 sha_common dm_mirror dm_region_hash dm_log zfcp scsi_transport_fc scsi_dh_rdac scsi_dh_emc scsi_dh_alua pkey zcrypt dm_multipath rng_core autofs4 [last unloaded: vfio_pci]\nCPU: 0 PID: 781237 Comm: CPU 0/KVM Not tainted 6.10.0-08682-gcad9f11498ea #6\nHardware name: IBM 3931 A01 701 (LPAR)\nKrnl PSW : 0704c00180000000 000003d93deb0122 (kvm_handle_sie_intercept+0x432/0x4d0 [kvm])\n           R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3\nKrnl GPRS: 000003d900000027 000003d900000023 0000000000000028 000002cd00000000\n           000002d063a00900 00000359c6daf708 00000000000bebb5 0000000000001eff\n           000002cfd82e9000 000002cfd80bc000 0000000000001011 000003d93deda412\n           000003ff8962df98 000003d93de77ce0 000003d93deb011e 00000359c6daf960\nKrnl Code: 000003d93deb0112: c020fffe7259\tlarl\t%r2,000003d93de7e5c4\n           000003d93deb0118: c0e53fa8beac\tbrasl\t%r14,000003d9bd3c7e70\n          #000003d93deb011e: af000000\t\tmc\t0,0\n          \u003e000003d93deb0122: a728ffea\t\tlhi\t%r2,-22\n           000003d93deb0126: a7f4fe24\t\tbrc\t15,000003d93deafd6e\n           000003d93deb012a: 9101f0b0\t\ttm\t176(%r15),1\n           000003d93deb012e: a774fe48\t\tbrc\t7,000003d93deafdbe\n           000003d93deb0132: 40a0f0ae\t\tsth\t%r10,174(%r15)\nCall Trace:\n [\u003c000003d93deb0122\u003e] kvm_handle_sie_intercept+0x432/0x4d0 [kvm]\n([\u003c000003d93deb011e\u003e] kvm_handle_sie_intercept+0x42e/0x4d0 [kvm])\n [\u003c000003d93deacc10\u003e] vcpu_post_run+0x1d0/0x3b0 [kvm]\n [\u003c000003d93deaceda\u003e] __vcpu_run+0xea/0x2d0 [kvm]\n [\u003c000003d93dead9da\u003e] kvm_arch_vcpu_ioctl_run+0x16a/0x430 [kvm]\n [\u003c000003d93de93ee0\u003e] kvm_vcpu_ioctl+0x190/0x7c0 [kvm]\n [\u003c000003d9bd728b4e\u003e] vfs_ioctl+0x2e/0x70\n [\u003c000003d9bd72a092\u003e] __s390x_sys_ioctl+0xc2/0xd0\n [\u003c000003d9be0e9222\u003e] __do_syscall+0x1f2/0x2e0\n [\u003c000003d9be0f9a90\u003e] system_call+0x70/0x98\nLast Breaking-Event-Address:\n [\u003c000003d9bd3c7f58\u003e] __warn_printk+0xe8/0xf0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:04.606Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/051c0a558154174cfcea301a386e4c91ade83ce1"
        },
        {
          "url": "https://git.kernel.org/stable/c/027ac3c5092561bccce09b314a73a1c167117ef6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a44bb061d04b0306f2aa8add761d86d152b9377"
        }
      ],
      "title": "KVM: s390: fix validity interception issue when gisa is switched off",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45005",
    "datePublished": "2024-09-04T19:54:47.694Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2024-12-19T09:20:04.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44963",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:41.059166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c",
            "fs/btrfs/extent-tree.c",
            "fs/btrfs/extent-tree.h",
            "fs/btrfs/free-space-tree.c",
            "fs/btrfs/ioctl.c",
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "22d907bcd283d69d5e60497fc0d51969545c583b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "98251cd60b4d702a8a81de442ab621e83a3fb24f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bb3868033a4cccff7be57e9145f2117cbdc91c11",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/ctree.c",
            "fs/btrfs/extent-tree.c",
            "fs/btrfs/extent-tree.h",
            "fs/btrfs/free-space-tree.c",
            "fs/btrfs/ioctl.c",
            "fs/btrfs/qgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() when freeing tree block after error\n\nWhen freeing a tree block, at btrfs_free_tree_block(), if we fail to\ncreate a delayed reference we don\u0027t deal with the error and just do a\nBUG_ON(). The error most likely to happen is -ENOMEM, and we have a\ncomment mentioning that only -ENOMEM can happen, but that is not true,\nbecause in case qgroups are enabled any error returned from\nbtrfs_qgroup_trace_extent_post() (can be -EUCLEAN or anything returned\nfrom btrfs_search_slot() for example) can be propagated back to\nbtrfs_free_tree_block().\n\nSo stop doing a BUG_ON() and return the error to the callers and make\nthem abort the transaction to prevent leaking space. Syzbot was\ntriggering this, likely due to memory allocation failure injection."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:13.079Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b"
        },
        {
          "url": "https://git.kernel.org/stable/c/98251cd60b4d702a8a81de442ab621e83a3fb24f"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb3868033a4cccff7be57e9145f2117cbdc91c11"
        }
      ],
      "title": "btrfs: do not BUG_ON() when freeing tree block after error",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44963",
    "datePublished": "2024-09-04T18:36:00.948Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:13.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:13.660426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufshcd-priv.h",
            "drivers/ufs/core/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a4921b76bc9421d3838e167f6a17ea3112d8fe62",
              "status": "affected",
              "version": "06701a545e9a3c4e007cff6872a074bf97c40619",
              "versionType": "git"
            },
            {
              "lessThan": "f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5",
              "status": "affected",
              "version": "6bf999e0eb41850d5c857102535d5c53b2ede224",
              "versionType": "git"
            },
            {
              "lessThan": "3911af778f208e5f49d43ce739332b91e26bc48e",
              "status": "affected",
              "version": "6bf999e0eb41850d5c857102535d5c53b2ede224",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ufs/core/ufshcd-priv.h",
            "drivers/ufs/core/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix deadlock during RTC update\n\nThere is a deadlock when runtime suspend waits for the flush of RTC work,\nand the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume.\n\nHere is deadlock backtrace:\n\nkworker/0:1     D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367\nptr            f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff\n\u003cffffffee5e71ddb0\u003e __switch_to+0x1a8/0x2d4\n\u003cffffffee5e71e604\u003e __schedule+0x684/0xa98\n\u003cffffffee5e71ea60\u003e schedule+0x48/0xc8\n\u003cffffffee5e725f78\u003e schedule_timeout+0x48/0x170\n\u003cffffffee5e71fb74\u003e do_wait_for_common+0x108/0x1b0\n\u003cffffffee5e71efe0\u003e wait_for_completion+0x44/0x60\n\u003cffffffee5d6de968\u003e __flush_work+0x39c/0x424\n\u003cffffffee5d6decc0\u003e __cancel_work_sync+0xd8/0x208\n\u003cffffffee5d6dee2c\u003e cancel_delayed_work_sync+0x14/0x28\n\u003cffffffee5e2551b8\u003e __ufshcd_wl_suspend+0x19c/0x480\n\u003cffffffee5e255fb8\u003e ufshcd_wl_runtime_suspend+0x3c/0x1d4\n\u003cffffffee5dffd80c\u003e scsi_runtime_suspend+0x78/0xc8\n\u003cffffffee5df93580\u003e __rpm_callback+0x94/0x3e0\n\u003cffffffee5df90b0c\u003e rpm_suspend+0x2d4/0x65c\n\u003cffffffee5df91448\u003e __pm_runtime_suspend+0x80/0x114\n\u003cffffffee5dffd95c\u003e scsi_runtime_idle+0x38/0x6c\n\u003cffffffee5df912f4\u003e rpm_idle+0x264/0x338\n\u003cffffffee5df90f14\u003e __pm_runtime_idle+0x80/0x110\n\u003cffffffee5e24ce44\u003e ufshcd_rtc_work+0x128/0x1e4\n\u003cffffffee5d6e3a40\u003e process_one_work+0x26c/0x650\n\u003cffffffee5d6e65c8\u003e worker_thread+0x260/0x3d8\n\u003cffffffee5d6edec8\u003e kthread+0x110/0x134\n\u003cffffffee5d616b18\u003e ret_from_fork+0x10/0x20\n\nSkip updating RTC if RPM state is not RPM_ACTIVE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T17:56:36.260Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a4921b76bc9421d3838e167f6a17ea3112d8fe62"
        },
        {
          "url": "https://git.kernel.org/stable/c/f13f1858a28c68b7fc0d72c2008d5c1f80d2e8d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3911af778f208e5f49d43ce739332b91e26bc48e"
        }
      ],
      "title": "scsi: ufs: core: Fix deadlock during RTC update",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44953",
    "datePublished": "2024-09-04T18:35:52.974Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2025-03-07T17:56:36.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:33.847439Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.306Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pti.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "18da1b27ce16a14a9b636af9232acb4fb24f4c9e",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "25a727233a40a9b33370eec9f0cad67d8fd312f8",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "4d143ae782009b43b4f366402e5c37f59d4e4346",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "5c580c1050bcbc15c3e78090859d798dcf8c9763",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "df3eecb5496f87263d171b254ca6e2758ab3c35c",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            },
            {
              "lessThan": "41e71dbb0e0a0fe214545fe64af031303a08524c",
              "status": "affected",
              "version": "16a3fe634f6a568c6234b8747e5d50487fed3526",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pti.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Fix pti_clone_pgtable() alignment assumption\n\nGuenter reported dodgy crashes on an i386-nosmp build using GCC-11\nthat had the form of endless traps until entry stack exhaust and then\n#DF from the stack guard.\n\nIt turned out that pti_clone_pgtable() had alignment assumptions on\nthe start address, notably it hard assumes start is PMD aligned. This\nis true on x86_64, but very much not true on i386.\n\nThese assumptions can cause the end condition to malfunction, leading\nto a \u0027short\u0027 clone. Guess what happens when the user mapping has a\nshort copy of the entry text?\n\nUse the correct increment form for addr to avoid alignment\nassumptions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:15.387Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/18da1b27ce16a14a9b636af9232acb4fb24f4c9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/25a727233a40a9b33370eec9f0cad67d8fd312f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d00c9b4bbc442d99e1dafbdfdab848bc1ead73f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d143ae782009b43b4f366402e5c37f59d4e4346"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c580c1050bcbc15c3e78090859d798dcf8c9763"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca07aab70dd3b5e7fddb62d7a6ecd7a7d6d0b2ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/df3eecb5496f87263d171b254ca6e2758ab3c35c"
        },
        {
          "url": "https://git.kernel.org/stable/c/41e71dbb0e0a0fe214545fe64af031303a08524c"
        }
      ],
      "title": "x86/mm: Fix pti_clone_pgtable() alignment assumption",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44965",
    "datePublished": "2024-09-04T18:36:02.762Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:15.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:18:14.996929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:17.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/workqueue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "90a6a844b2d9927d192758438a4ada33d8cd9de5",
              "status": "affected",
              "version": "1211f3b21c2aa0d22d8d7f050e3a5930a91cd0e4",
              "versionType": "git"
            },
            {
              "lessThan": "38f7e14519d39cf524ddc02d4caee9b337dad703",
              "status": "affected",
              "version": "1211f3b21c2aa0d22d8d7f050e3a5930a91cd0e4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/workqueue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix UBSAN \u0027subtraction overflow\u0027 error in shift_and_mask()\n\nUBSAN reports the following \u0027subtraction overflow\u0027 error when booting\nin a virtual machine on Android:\n\n | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4\n | Hardware name: linux,dummy-virt (DT)\n | pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n | pc : cancel_delayed_work+0x34/0x44\n | lr : cancel_delayed_work+0x2c/0x44\n | sp : ffff80008002ba60\n | x29: ffff80008002ba60 x28: 0000000000000000 x27: 0000000000000000\n | x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n | x23: 0000000000000000 x22: 0000000000000000 x21: ffff1f65014cd3c0\n | x20: ffffc0e84c9d0da0 x19: ffffc0e84cab3558 x18: ffff800080009058\n | x17: 00000000247ee1f8 x16: 00000000247ee1f8 x15: 00000000bdcb279d\n | x14: 0000000000000001 x13: 0000000000000075 x12: 00000a0000000000\n | x11: ffff1f6501499018 x10: 00984901651fffff x9 : ffff5e7cc35af000\n | x8 : 0000000000000001 x7 : 3d4d455453595342 x6 : 000000004e514553\n | x5 : ffff1f6501499265 x4 : ffff1f650ff60b10 x3 : 0000000000000620\n | x2 : ffff80008002ba78 x1 : 0000000000000000 x0 : 0000000000000000\n | Call trace:\n |  cancel_delayed_work+0x34/0x44\n |  deferred_probe_extend_timeout+0x20/0x70\n |  driver_register+0xa8/0x110\n |  __platform_driver_register+0x28/0x3c\n |  syscon_init+0x24/0x38\n |  do_one_initcall+0xe4/0x338\n |  do_initcall_level+0xac/0x178\n |  do_initcalls+0x5c/0xa0\n |  do_basic_setup+0x20/0x30\n |  kernel_init_freeable+0x8c/0xf8\n |  kernel_init+0x28/0x1b4\n |  ret_from_fork+0x10/0x20\n | Code: f9000fbf 97fffa2f 39400268 37100048 (d42aa2a0)\n | ---[ end trace 0000000000000000 ]---\n | Kernel panic - not syncing: UBSAN: integer subtraction overflow: Fatal exception\n\nThis is due to shift_and_mask() using a signed immediate to construct\nthe mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so\nthat it ends up decrementing from INT_MIN.\n\nUse an unsigned constant \u00271U\u0027 to generate the mask in shift_and_mask()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:34.692Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/90a6a844b2d9927d192758438a4ada33d8cd9de5"
        },
        {
          "url": "https://git.kernel.org/stable/c/38f7e14519d39cf524ddc02d4caee9b337dad703"
        }
      ],
      "title": "workqueue: Fix UBSAN \u0027subtraction overflow\u0027 error in shift_and_mask()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44981",
    "datePublished": "2024-09-04T19:54:31.505Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:34.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:20:05.005399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:13.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e891b36de161fcd96f12ff83667473e5067b9037",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "3574d28caf9a09756ae87ad1ea096c6f47b6101e",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "6ab6bf731354a6fdbaa617d1ec194960db61cf3b",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "56efc253196751ece1fc535a5b582be127b0578a",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            },
            {
              "lessThan": "da273b377ae0d9bd255281ed3c2adb228321687b",
              "status": "affected",
              "version": "5796015fa968a3349027a27dcd04c71d95c53ba5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in ip6_finish_output2()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand associated dst/idev could also have been freed.\n\nWe need to hold rcu_read_lock() to make sure the dst and\nassociated idev are alive."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:41.116Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e891b36de161fcd96f12ff83667473e5067b9037"
        },
        {
          "url": "https://git.kernel.org/stable/c/3574d28caf9a09756ae87ad1ea096c6f47b6101e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/56efc253196751ece1fc535a5b582be127b0578a"
        },
        {
          "url": "https://git.kernel.org/stable/c/da273b377ae0d9bd255281ed3c2adb228321687b"
        }
      ],
      "title": "ipv6: fix possible UAF in ip6_finish_output2()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44986",
    "datePublished": "2024-09-04T19:54:34.852Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:41.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:51.783797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:07.787Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/netfs/fscache_cookie.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b8a50877f68efdcc0be3fcc5116e00c31b90e45b",
              "status": "affected",
              "version": "12bb21a29c19aae50cfad4e2bb5c943108f34a7d",
              "versionType": "git"
            },
            {
              "lessThan": "dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6",
              "status": "affected",
              "version": "12bb21a29c19aae50cfad4e2bb5c943108f34a7d",
              "versionType": "git"
            },
            {
              "lessThan": "0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d",
              "status": "affected",
              "version": "12bb21a29c19aae50cfad4e2bb5c943108f34a7d",
              "versionType": "git"
            },
            {
              "lessThan": "f71aa06398aabc2e3eaac25acdf3d62e0094ba70",
              "status": "affected",
              "version": "12bb21a29c19aae50cfad4e2bb5c943108f34a7d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/netfs/fscache_cookie.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/netfs/fscache_cookie: add missing \"n_accesses\" check\n\nThis fixes a NULL pointer dereference bug due to a data race which\nlooks like this:\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000008\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43\n  Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018\n  Workqueue: events_unbound netfs_rreq_write_to_cache_work\n  RIP: 0010:cachefiles_prepare_write+0x30/0xa0\n  Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 \u003c48\u003e 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10\n  RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286\n  RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000\n  RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438\n  RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001\n  R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68\n  R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00\n  FS:  0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0\n  Call Trace:\n   \u003cTASK\u003e\n   ? __die+0x1f/0x70\n   ? page_fault_oops+0x15d/0x440\n   ? search_module_extables+0xe/0x40\n   ? fixup_exception+0x22/0x2f0\n   ? exc_page_fault+0x5f/0x100\n   ? asm_exc_page_fault+0x22/0x30\n   ? cachefiles_prepare_write+0x30/0xa0\n   netfs_rreq_write_to_cache_work+0x135/0x2e0\n   process_one_work+0x137/0x2c0\n   worker_thread+0x2e9/0x400\n   ? __pfx_worker_thread+0x10/0x10\n   kthread+0xcc/0x100\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x30/0x50\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1b/0x30\n   \u003c/TASK\u003e\n  Modules linked in:\n  CR2: 0000000000000008\n  ---[ end trace 0000000000000000 ]---\n\nThis happened because fscache_cookie_state_machine() was slow and was\nstill running while another process invoked fscache_unuse_cookie();\nthis led to a fscache_cookie_lru_do_one() call, setting the\nFSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by\nfscache_cookie_state_machine(), withdrawing the cookie via\ncachefiles_withdraw_cookie(), clearing cookie-\u003ecache_priv.\n\nAt the same time, yet another process invoked\ncachefiles_prepare_write(), which found a NULL pointer in this code\nline:\n\n  struct cachefiles_object *object = cachefiles_cres_object(cres);\n\nThe next line crashes, obviously:\n\n  struct cachefiles_cache *cache = object-\u003evolume-\u003ecache;\n\nDuring cachefiles_prepare_write(), the \"n_accesses\" counter is\nnon-zero (via fscache_begin_operation()).  The cookie must not be\nwithdrawn until it drops to zero.\n\nThe counter is checked by fscache_cookie_state_machine() before\nswitching to FSCACHE_COOKIE_STATE_RELINQUISHING and\nFSCACHE_COOKIE_STATE_WITHDRAWING (in \"case\nFSCACHE_COOKIE_STATE_FAILED\"), but not for\nFSCACHE_COOKIE_STATE_LRU_DISCARDING (\"case\nFSCACHE_COOKIE_STATE_ACTIVE\").\n\nThis patch adds the missing check.  With a non-zero access counter,\nthe function returns and the next fscache_end_cookie_access() call\nwill queue another fscache_cookie_state_machine() call to handle the\nstill-pending FSCACHE_COOKIE_DO_LRU_DISCARD."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:58.235Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b8a50877f68efdcc0be3fcc5116e00c31b90e45b"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a4d41fa14b2a0efd40e350cfe8ec6a4c998ac1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f71aa06398aabc2e3eaac25acdf3d62e0094ba70"
        }
      ],
      "title": "fs/netfs/fscache_cookie: add missing \"n_accesses\" check",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45000",
    "datePublished": "2024-09-04T19:54:44.273Z",
    "dateReserved": "2024-08-21T05:34:56.677Z",
    "dateUpdated": "2024-12-19T09:19:58.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:00.406164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/privcmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "49f2a5da6785b2dbde93e291cae037662440346e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1c682593096a487fd9aebc079a307ff7a6d054a3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/privcmd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: privcmd: Switch from mutex to spinlock for irqfds\n\nirqfd_wakeup() gets EPOLLHUP, when it is called by\neventfd_release() by way of wake_up_poll(\u0026ctx-\u003ewqh, EPOLLHUP), which\ngets called under spin_lock_irqsave(). We can\u0027t use a mutex here as it\nwill lead to a deadlock.\n\nFix it by switching over to a spin lock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:06.134Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3"
        }
      ],
      "title": "xen: privcmd: Switch from mutex to spinlock for irqfds",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44957",
    "datePublished": "2024-09-04T18:35:55.939Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:06.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:02.092262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:23.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "409b495f8e3300d5fba08bc817fa8825dae48cc9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5d3567caff2a1d678aa40cc74a54e1318941fad3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "aa1a19724fa2c31e97a9be48baedd4692b265157",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ccbde4b128ef9c73d14d0d7817d68ef795f6d131",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/char/xillybus/xillyusb.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Don\u0027t destroy workqueue from work item running on it\n\nTriggered by a kref decrement, destroy_workqueue() may be called from\nwithin a work item for destroying its own workqueue. This illegal\nsituation is averted by adding a module-global workqueue for exclusive\nuse of the offending work item. Other work items continue to be queued\non per-device workqueues to ensure performance."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:07.061Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d3567caff2a1d678aa40cc74a54e1318941fad3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7ad105b12256ec7fb6d6d1a0e2e60f00b7da157"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa1a19724fa2c31e97a9be48baedd4692b265157"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccbde4b128ef9c73d14d0d7817d68ef795f6d131"
        }
      ],
      "title": "char: xillybus: Don\u0027t destroy workqueue from work item running on it",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45007",
    "datePublished": "2024-09-04T19:54:49.037Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2024-12-19T09:20:07.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44962",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:44.259194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.727Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/btnxpuart.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016",
              "status": "affected",
              "version": "ab3a769b4dccec2cf60f0a0700b140991bf9afc8",
              "versionType": "git"
            },
            {
              "lessThan": "28bbb5011a9723700006da67bdb57ab6a914452b",
              "status": "affected",
              "version": "ab3a769b4dccec2cf60f0a0700b140991bf9afc8",
              "versionType": "git"
            },
            {
              "lessThan": "0d0df1e750bac0fdaa77940e711c1625cff08d33",
              "status": "affected",
              "version": "ab3a769b4dccec2cf60f0a0700b140991bf9afc8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/btnxpuart.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading\n\nWhen unload the btnxpuart driver, its associated timer will be deleted.\nIf the timer happens to be modified at this moment, it leads to the\nkernel call this timer even after the driver unloaded, resulting in\nkernel panic.\nUse timer_shutdown_sync() instead of del_timer_sync() to prevent rearming.\n\npanic log:\n  Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP\n  Modules linked in: algif_hash algif_skcipher af_alg moal(O) mlan(O) crct10dif_ce polyval_ce polyval_generic   snd_soc_imx_card snd_soc_fsl_asoc_card snd_soc_imx_audmux mxc_jpeg_encdec v4l2_jpeg snd_soc_wm8962 snd_soc_fsl_micfil   snd_soc_fsl_sai flexcan snd_soc_fsl_utils ap130x rpmsg_ctrl imx_pcm_dma can_dev rpmsg_char pwm_fan fuse [last unloaded:   btnxpuart]\n  CPU: 5 PID: 723 Comm: memtester Tainted: G           O       6.6.23-lts-next-06207-g4aef2658ac28 #1\n  Hardware name: NXP i.MX95 19X19 board (DT)\n  pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n  pc : 0xffff80007a2cf464\n  lr : call_timer_fn.isra.0+0x24/0x80\n...\n  Call trace:\n   0xffff80007a2cf464\n   __run_timers+0x234/0x280\n   run_timer_softirq+0x20/0x40\n   __do_softirq+0x100/0x26c\n   ____do_softirq+0x10/0x1c\n   call_on_irq_stack+0x24/0x4c\n   do_softirq_own_stack+0x1c/0x2c\n   irq_exit_rcu+0xc0/0xdc\n   el0_interrupt+0x54/0xd8\n   __el0_irq_handler_common+0x18/0x24\n   el0t_64_irq_handler+0x10/0x1c\n   el0t_64_irq+0x190/0x194\n  Code: ???????? ???????? ???????? ???????? (????????)\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Oops: Fatal exception in interrupt\n  SMP: stopping secondary CPUs\n  Kernel Offset: disabled\n  CPU features: 0x0,c0000000,40028143,1000721b\n  Memory Limit: none\n  ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:11.830Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4d9adcb94d55e9be8a3e464d9f2ff7d27e2ed016"
        },
        {
          "url": "https://git.kernel.org/stable/c/28bbb5011a9723700006da67bdb57ab6a914452b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d0df1e750bac0fdaa77940e711c1625cff08d33"
        }
      ],
      "title": "Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44962",
    "datePublished": "2024-09-04T18:35:59.990Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:11.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:45.863668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:23.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "81216b9352be43f8958092d379f6dec85443c309",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "32a0173600c63aadaf2103bf02f074982e8602ab",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "0707260a18312bbcd2a5668584e3692d0a29e3f6",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "b70b0ddfed31fc92c8dc722d0afafc8e14cb550c",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "95c90e4ad89d493a7a14fa200082e466e2548f9d",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:46.120Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59"
        },
        {
          "url": "https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c"
        },
        {
          "url": "https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d"
        }
      ],
      "title": "bonding: fix null pointer deref in bond_ipsec_offload_ok",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44990",
    "datePublished": "2024-09-04T19:54:37.518Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:46.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:42.711602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:02.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microsoft/mana/mana_en.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa",
              "status": "affected",
              "version": "80f6215b450eb8e92d8b1f117abf5ecf867f963e",
              "versionType": "git"
            },
            {
              "lessThan": "e6bea6a45f8a401f3d5a430bc81814f0cc8848cf",
              "status": "affected",
              "version": "80f6215b450eb8e92d8b1f117abf5ecf867f963e",
              "versionType": "git"
            },
            {
              "lessThan": "32316f676b4ee87c0404d333d248ccf777f739bc",
              "status": "affected",
              "version": "80f6215b450eb8e92d8b1f117abf5ecf867f963e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/microsoft/mana/mana_en.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix RX buf alloc_size alignment and atomic op panic\n\nThe MANA driver\u0027s RX buffer alloc_size is passed into napi_build_skb() to\ncreate SKB. skb_shinfo(skb) is located at the end of skb, and its alignment\nis affected by the alloc_size passed into napi_build_skb(). The size needs\nto be aligned properly for better performance and atomic operations.\nOtherwise, on ARM64 CPU, for certain MTU settings like 4000, atomic\noperations may panic on the skb_shinfo(skb)-\u003edataref due to alignment fault.\n\nTo fix this bug, add proper alignment to the alloc_size calculation.\n\nSample panic info:\n[  253.298819] Unable to handle kernel paging request at virtual address ffff000129ba5cce\n[  253.300900] Mem abort info:\n[  253.301760]   ESR = 0x0000000096000021\n[  253.302825]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  253.304268]   SET = 0, FnV = 0\n[  253.305172]   EA = 0, S1PTW = 0\n[  253.306103]   FSC = 0x21: alignment fault\nCall trace:\n __skb_clone+0xfc/0x198\n skb_clone+0x78/0xe0\n raw6_local_deliver+0xfc/0x228\n ip6_protocol_deliver_rcu+0x80/0x500\n ip6_input_finish+0x48/0x80\n ip6_input+0x48/0xc0\n ip6_sublist_rcv_finish+0x50/0x78\n ip6_sublist_rcv+0x1cc/0x2b8\n ipv6_list_rcv+0x100/0x150\n __netif_receive_skb_list_core+0x180/0x220\n netif_receive_skb_list_internal+0x198/0x2a8\n __napi_poll+0x138/0x250\n net_rx_action+0x148/0x330\n handle_softirqs+0x12c/0x3a0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:59.409Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/65f20b174ec0172f2d6bcfd8533ab9c9e7e347fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6bea6a45f8a401f3d5a430bc81814f0cc8848cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/32316f676b4ee87c0404d333d248ccf777f739bc"
        }
      ],
      "title": "net: mana: Fix RX buf alloc_size alignment and atomic op panic",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45001",
    "datePublished": "2024-09-04T19:54:44.961Z",
    "dateReserved": "2024-08-21T05:34:56.678Z",
    "dateUpdated": "2024-12-19T09:19:59.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44993",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:29.527416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:42.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d656b82c4b30cf12715e6cd129d3df808fde24a7",
              "status": "affected",
              "version": "0ad5bc1ce4634ce9b5eaf017b01399ec5e49a03d",
              "versionType": "git"
            },
            {
              "lessThan": "497d370a644d95a9f04271aa92cb96d32e84c770",
              "status": "affected",
              "version": "0ad5bc1ce4634ce9b5eaf017b01399ec5e49a03d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/v3d/v3d_sched.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`\n\nWhen enabling UBSAN on Raspberry Pi 5, we get the following warning:\n\n[  387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3\n[  387.903868] index 7 is out of range for type \u0027__u32 [7]\u0027\n[  387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G        WC         6.10.3-v8-16k-numa #151\n[  387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)\n[  387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]\n[  387.932525] Call trace:\n[  387.935296]  dump_backtrace+0x170/0x1b8\n[  387.939403]  show_stack+0x20/0x38\n[  387.942907]  dump_stack_lvl+0x90/0xd0\n[  387.946785]  dump_stack+0x18/0x28\n[  387.950301]  __ubsan_handle_out_of_bounds+0x98/0xd0\n[  387.955383]  v3d_csd_job_run+0x3a8/0x438 [v3d]\n[  387.960707]  drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]\n[  387.966862]  process_one_work+0x62c/0xb48\n[  387.971296]  worker_thread+0x468/0x5b0\n[  387.975317]  kthread+0x1c4/0x1e0\n[  387.978818]  ret_from_fork+0x10/0x20\n[  387.983014] ---[ end trace ]---\n\nThis happens because the UAPI provides only seven configuration\nregisters and we are reading the eighth position of this u32 array.\n\nTherefore, fix the out-of-bounds read in `v3d_csd_job_run()` by\naccessing only seven positions on the \u0027__u32 [7]\u0027 array. The eighth\nregister exists indeed on V3D 7.1, but it isn\u0027t currently used. That\nbeing so, let\u0027s guarantee that it remains unused and add a note that it\ncould be set in a future patch."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:49.535Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d656b82c4b30cf12715e6cd129d3df808fde24a7"
        },
        {
          "url": "https://git.kernel.org/stable/c/497d370a644d95a9f04271aa92cb96d32e84c770"
        }
      ],
      "title": "drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44993",
    "datePublished": "2024-09-04T19:54:39.545Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:49.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fa4e6ae38574d0fc5596272bee64727d8ab7052b",
              "status": "affected",
              "version": "578fcfd26e2a1d0e687b347057959228567e2af8",
              "versionType": "git"
            },
            {
              "lessThan": "95a305ba259b685780ed62ea2295aa2feb2d6c0c",
              "status": "affected",
              "version": "578fcfd26e2a1d0e687b347057959228567e2af8",
              "versionType": "git"
            },
            {
              "lessThan": "8baeef7616d5194045c5a6b97fd1246b87c55b13",
              "status": "affected",
              "version": "578fcfd26e2a1d0e687b347057959228567e2af8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix double DMA unmapping for XDP_REDIRECT\n\nRemove the dma_unmap_page_attrs() call in the driver\u0027s XDP_REDIRECT\ncode path.  This should have been removed when we let the page pool\nhandle the DMA mapping.  This bug causes the warning:\n\nWARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100\nCPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G        W          6.8.0-1010-gcp #11-Ubuntu\nHardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS 2.15.2 04/02/2024\nRIP: 0010:iommu_dma_unmap_page+0xd5/0x100\nCode: 89 ee 48 89 df e8 cb f2 69 ff 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9 31 f6 31 ff 45 31 c0 e9 ab 17 71 00 \u003c0f\u003e 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 c9\nRSP: 0018:ffffab1fc0597a48 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff99ff838280c8 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffab1fc0597a78 R08: 0000000000000002 R09: ffffab1fc0597c1c\nR10: ffffab1fc0597cd3 R11: ffff99ffe375acd8 R12: 00000000e65b9000\nR13: 0000000000000050 R14: 0000000000001000 R15: 0000000000000002\nFS:  0000000000000000(0000) GS:ffff9a06efb80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000565c34c37210 CR3: 00000005c7e3e000 CR4: 0000000000350ef0\n? show_regs+0x6d/0x80\n? __warn+0x89/0x150\n? iommu_dma_unmap_page+0xd5/0x100\n? report_bug+0x16a/0x190\n? handle_bug+0x51/0xa0\n? exc_invalid_op+0x18/0x80\n? iommu_dma_unmap_page+0xd5/0x100\n? iommu_dma_unmap_page+0x35/0x100\ndma_unmap_page_attrs+0x55/0x220\n? bpf_prog_4d7e87c0d30db711_xdp_dispatcher+0x64/0x9f\nbnxt_rx_xdp+0x237/0x520 [bnxt_en]\nbnxt_rx_pkt+0x640/0xdd0 [bnxt_en]\n__bnxt_poll_work+0x1a1/0x3d0 [bnxt_en]\nbnxt_poll+0xaa/0x1e0 [bnxt_en]\n__napi_poll+0x33/0x1e0\nnet_rx_action+0x18a/0x2f0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:38.164Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fa4e6ae38574d0fc5596272bee64727d8ab7052b"
        },
        {
          "url": "https://git.kernel.org/stable/c/95a305ba259b685780ed62ea2295aa2feb2d6c0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8baeef7616d5194045c5a6b97fd1246b87c55b13"
        }
      ],
      "title": "bnxt_en: Fix double DMA unmapping for XDP_REDIRECT",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44984",
    "datePublished": "2024-09-04T19:54:33.487Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:38.164Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44967",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:27.630336Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mgag200/mgag200_i2c.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "55a6916db77102765b22855d3a0add4751988b7c",
              "status": "affected",
              "version": "b279df242972ae816a75cf1cc732af836f999100",
              "versionType": "git"
            },
            {
              "lessThan": "81d34df843620e902dd04aa9205c875833d61c17",
              "status": "affected",
              "version": "b279df242972ae816a75cf1cc732af836f999100",
              "versionType": "git"
            },
            {
              "lessThan": "9d96b91e03cba9dfcb4ac370c93af4dbc47d5191",
              "status": "affected",
              "version": "b279df242972ae816a75cf1cc732af836f999100",
              "versionType": "git"
            },
            {
              "lessThan": "eb1ae34e48a09b7a1179c579aed042b032e408f4",
              "status": "affected",
              "version": "b279df242972ae816a75cf1cc732af836f999100",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mgag200/mgag200_i2c.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mgag200: Bind I2C lifetime to DRM device\n\nManaged cleanup with devm_add_action_or_reset() will release the I2C\nadapter when the underlying Linux device goes away. But the connector\nstill refers to it, so this cleanup leaves behind a stale pointer\nin struct drm_connector.ddc.\n\nBind the lifetime of the I2C adapter to the connector\u0027s lifetime by\nusing DRM\u0027s managed release. When the DRM device goes away (after\nthe Linux device) DRM will first clean up the connector and then\nclean up the I2C adapter."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:17.841Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4"
        }
      ],
      "title": "drm/mgag200: Bind I2C lifetime to DRM device",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44967",
    "datePublished": "2024-09-04T18:56:44.814Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:17.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:33.957128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:56.891Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "tools/tracing/rtla/src/osnoise_top.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac",
              "status": "affected",
              "version": "1eceb2fc2ca549a170d7ee7cd1fde2daeda646ac",
              "versionType": "git"
            },
            {
              "lessThan": "753f1745146e03abd17eec8eee95faffc96d743d",
              "status": "affected",
              "version": "1eceb2fc2ca549a170d7ee7cd1fde2daeda646ac",
              "versionType": "git"
            },
            {
              "lessThan": "abdb9ddaaab476e62805e36cce7b4ef8413ffd01",
              "status": "affected",
              "version": "1eceb2fc2ca549a170d7ee7cd1fde2daeda646ac",
              "versionType": "git"
            },
            {
              "lessThan": "90574d2a675947858b47008df8d07f75ea50d0d0",
              "status": "affected",
              "version": "1eceb2fc2ca549a170d7ee7cd1fde2daeda646ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "tools/tracing/rtla/src/osnoise_top.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtla/osnoise: Prevent NULL dereference in error handling\n\nIf the \"tool-\u003edata\" allocation fails then there is no need to call\nosnoise_free_top() and, in fact, doing so will lead to a NULL dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:01.009Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fc575212c6b75d538e1a0a74f4c7e2ac73bc46ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/753f1745146e03abd17eec8eee95faffc96d743d"
        },
        {
          "url": "https://git.kernel.org/stable/c/abdb9ddaaab476e62805e36cce7b4ef8413ffd01"
        },
        {
          "url": "https://git.kernel.org/stable/c/90574d2a675947858b47008df8d07f75ea50d0d0"
        }
      ],
      "title": "rtla/osnoise: Prevent NULL dereference in error handling",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45002",
    "datePublished": "2024-09-04T19:54:45.611Z",
    "dateReserved": "2024-08-21T05:34:56.678Z",
    "dateUpdated": "2024-12-19T09:20:01.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:10.329711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/line6/driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "643293b68fbb6c03f5e907736498da17d43f0d81",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e7e7d2b180d8f297cea6db43ea72402fd33e1a29",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a54da4b787dcac60b598da69c9c0072812b8282d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c80f454a805443c274394b1db0d1ebf477abd94e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "535df7f896a568a8a1564114eaea49d002cb1747",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "51d87f11dd199bbc6a85982b088ff27bde53b48a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "15b7a03205b31bc5623378c190d22b7ff60026f1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/usb/line6/driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: line6: Fix racy access to midibuf\n\nThere can be concurrent accesses to line6 midibuf from both the URB\ncompletion callback and the rawmidi API access.  This could be a cause\nof KMSAN warning triggered by syzkaller below (so put as reported-by\nhere).\n\nThis patch protects the midibuf call of the former code path with a\nspinlock for avoiding the possible races."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:02.720Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81"
        },
        {
          "url": "https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29"
        },
        {
          "url": "https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d"
        },
        {
          "url": "https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e"
        },
        {
          "url": "https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747"
        },
        {
          "url": "https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a"
        },
        {
          "url": "https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1"
        }
      ],
      "title": "ALSA: line6: Fix racy access to midibuf",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44954",
    "datePublished": "2024-09-04T18:35:53.730Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:02.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T01:05:42.699758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T01:07:00.575Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3a3d5333c13a1be57499581eab4a8fc94d57f36",
              "status": "affected",
              "version": "81d626b00bdba16504eeae9cc891b18e83a9471a",
              "versionType": "git"
            },
            {
              "lessThan": "c47e022011719fc5727bca661d662303180535ba",
              "status": "affected",
              "version": "ee6b1db17f8287b615448488fc37f42bcfe9ece6",
              "versionType": "git"
            },
            {
              "lessThan": "975f764e96f71616b530e300c1bb2ac0ce0c2596",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "38a21c026ed2cc7232414cb166efc1923f34af17",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "124b428fe28064c809e4237b0b38e97200a8a4a8",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "fc88d6c1f2895a5775795d82ec581afdff7661d1",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            },
            {
              "lessThan": "2d5ff7e339d04622d8282661df36151906d0e1c7",
              "status": "affected",
              "version": "0c9f227bee11910a49e1d159abe102d06e3745d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible UAF in ip6_xmit()\n\nIf skb_expand_head() returns NULL, skb has been freed\nand the associated dst/idev could also have been freed.\n\nWe must use rcu_read_lock() to prevent a possible UAF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T15:35:26.143Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3a3d5333c13a1be57499581eab4a8fc94d57f36"
        },
        {
          "url": "https://git.kernel.org/stable/c/c47e022011719fc5727bca661d662303180535ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/975f764e96f71616b530e300c1bb2ac0ce0c2596"
        },
        {
          "url": "https://git.kernel.org/stable/c/38a21c026ed2cc7232414cb166efc1923f34af17"
        },
        {
          "url": "https://git.kernel.org/stable/c/124b428fe28064c809e4237b0b38e97200a8a4a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc88d6c1f2895a5775795d82ec581afdff7661d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d5ff7e339d04622d8282661df36151906d0e1c7"
        }
      ],
      "title": "ipv6: prevent possible UAF in ip6_xmit()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44985",
    "datePublished": "2024-09-04T19:54:34.188Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2025-01-09T15:35:26.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:10.367821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:22.792Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mediatek/mtk_wed.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "326a89321f9d5fe399fe6f9ff7c0fc766582a6a0",
              "status": "affected",
              "version": "799684448e3e1f57257a6155541e53510488f67b",
              "versionType": "git"
            },
            {
              "lessThan": "b453a4bbda03aa8741279c360ac82d1c3ac33548",
              "status": "affected",
              "version": "799684448e3e1f57257a6155541e53510488f67b",
              "versionType": "git"
            },
            {
              "lessThan": "db1b4bedb9b97c6d34b03d03815147c04fffe8b4",
              "status": "affected",
              "version": "799684448e3e1f57257a6155541e53510488f67b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mediatek/mtk_wed.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()\n\nWhen there are multiple ap interfaces on one band and with WED on,\nturning the interface down will cause a kernel panic on MT798X.\n\nPreviously, cb_priv was freed in mtk_wed_setup_tc_block() without\nmarking NULL,and mtk_wed_setup_tc_block_cb() didn\u0027t check the value, too.\n\nAssign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL\nin mtk_wed_setup_tc_block_cb().\n\n----------\nUnable to handle kernel paging request at virtual address 0072460bca32b4f5\nCall trace:\n mtk_wed_setup_tc_block_cb+0x4/0x38\n 0xffffffc0794084bc\n tcf_block_playback_offloads+0x70/0x1e8\n tcf_block_unbind+0x6c/0xc8\n...\n---------"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:54.176Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/326a89321f9d5fe399fe6f9ff7c0fc766582a6a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b453a4bbda03aa8741279c360ac82d1c3ac33548"
        },
        {
          "url": "https://git.kernel.org/stable/c/db1b4bedb9b97c6d34b03d03815147c04fffe8b4"
        }
      ],
      "title": "net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44997",
    "datePublished": "2024-09-04T19:54:42.181Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:54.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44980",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:19:11.959900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:14.311Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/display/xe_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4",
              "status": "affected",
              "version": "44e694958b95395bd1c41508c88c8ca141bf9bd7",
              "versionType": "git"
            },
            {
              "lessThan": "f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f",
              "status": "affected",
              "version": "44e694958b95395bd1c41508c88c8ca141bf9bd7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/display/xe_display.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix opregion leak\n\nBeing part o the display, ideally the setup and cleanup would be done by\ndisplay itself. However this is a bigger refactor that needs to be done\non both i915 and xe. For now, just fix the leak:\n\nunreferenced object 0xffff8881a0300008 (size 192):\n  comm \"modprobe\", pid 4354, jiffies 4295647021\n  hex dump (first 32 bytes):\n    00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff  ...\u0027............\n    18 81 9b 00 00 c9 ff ff 00 00 00 00 00 00 00 00  ................\n  backtrace (crc 99260e31):\n    [\u003cffffffff823ce65b\u003e] kmemleak_alloc+0x4b/0x80\n    [\u003cffffffff81493be2\u003e] kmalloc_trace_noprof+0x312/0x3d0\n    [\u003cffffffffa1345679\u003e] intel_opregion_setup+0x89/0x700 [xe]\n    [\u003cffffffffa125bfaf\u003e] xe_display_init_noirq+0x2f/0x90 [xe]\n    [\u003cffffffffa1199ec3\u003e] xe_device_probe+0x7a3/0xbf0 [xe]\n    [\u003cffffffffa11f3713\u003e] xe_pci_probe+0x333/0x5b0 [xe]\n    [\u003cffffffff81af6be8\u003e] local_pci_probe+0x48/0xb0\n    [\u003cffffffff81af8778\u003e] pci_device_probe+0xc8/0x280\n    [\u003cffffffff81d09048\u003e] really_probe+0xf8/0x390\n    [\u003cffffffff81d0937a\u003e] __driver_probe_device+0x8a/0x170\n    [\u003cffffffff81d09503\u003e] driver_probe_device+0x23/0xb0\n    [\u003cffffffff81d097b7\u003e] __driver_attach+0xc7/0x190\n    [\u003cffffffff81d0628d\u003e] bus_for_each_dev+0x7d/0xd0\n    [\u003cffffffff81d0851e\u003e] driver_attach+0x1e/0x30\n    [\u003cffffffff81d07ac7\u003e] bus_add_driver+0x117/0x250\n\n(cherry picked from commit 6f4e43a2f771b737d991142ec4f6d4b7ff31fbb4)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:33.492Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f7ecdd9853dd9f34e7cdfdadfb70b8f40644ebb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4b2a0ae1a31fd3d1b5ca18ee08319b479cf9b5f"
        }
      ],
      "title": "drm/xe: Fix opregion leak",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44980",
    "datePublished": "2024-09-04T19:54:30.863Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:33.492Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:50.689815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a",
              "status": "affected",
              "version": "d1c188d330ca33cc35d1590441ba276f31144299",
              "versionType": "git"
            },
            {
              "lessThan": "df8e734ae5e605348aa0ca2498aedb73e815f244",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "50c5248b0ea8aae0529fdf28dac42a41312d3b62",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "a0362cd6e503278add954123957fd47990e8d9bf",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "1a9df57d57452b104c46c918569143cf21d7ebf1",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "716cba46f73a92645cf13eded8d257ed48afc2a4",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            },
            {
              "lessThan": "973a57891608a98e894db2887f278777f564de18",
              "status": "affected",
              "version": "54f83b8c8ea9b22082a496deadf90447a326954e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/udc/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: core: Check for unset descriptor\n\nMake sure the descriptor has been set before looking at maxpacket.\nThis fixes a null pointer panic in this case.\n\nThis may happen if the gadget doesn\u0027t properly set up the endpoint\nfor the current speed, or the gadget descriptors are malformed and\nthe descriptor for the speed/endpoint are not found.\n\nNo current gadget driver is known to have this problem, but this\nmay cause a hard-to-find bug during development of new gadgets."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:09.565Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ba15815dd24cc5ec0d23e2170dc58c7db1e03b4a"
        },
        {
          "url": "https://git.kernel.org/stable/c/df8e734ae5e605348aa0ca2498aedb73e815f244"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cc9ebcfe58be22f18056ad8bc6272d120bdcb3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/50c5248b0ea8aae0529fdf28dac42a41312d3b62"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0362cd6e503278add954123957fd47990e8d9bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a9df57d57452b104c46c918569143cf21d7ebf1"
        },
        {
          "url": "https://git.kernel.org/stable/c/716cba46f73a92645cf13eded8d257ed48afc2a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/973a57891608a98e894db2887f278777f564de18"
        }
      ],
      "title": "usb: gadget: core: Check for unset descriptor",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44960",
    "datePublished": "2024-09-04T18:35:58.469Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:09.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44948",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:29.464386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:37.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/mtrr/mtrr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "06c1de44d378ec5439db17bf476507d68589bfe9",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "450b6b22acdaac67a18eaf5ed498421ffcf10051",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "ca7d00c5656d1791e28369919e3e10febe9c3b16",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "8aa79dfb216b865e96ff890bc4ea71650f9bc8d7",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "8a90d3fc7c24608548d3a750671f9dac21d1a462",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "388f1c954019f253a8383f7eb733f38d541e10b6",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            },
            {
              "lessThan": "919f18f961c03d6694aa726c514184f2311a4614",
              "status": "affected",
              "version": "2b1f6278d77c1f2f669346fc2bb48012b5e9495a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kernel/cpu/mtrr/mtrr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.22"
            },
            {
              "lessThan": "2.6.22",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mtrr: Check if fixed MTRRs exist before saving them\n\nMTRRs have an obsolete fixed variant for fine grained caching control\nof the 640K-1MB region that uses separate MSRs. This fixed variant has\na separate capability bit in the MTRR capability MSR.\n\nSo far all x86 CPUs which support MTRR have this separate bit set, so it\nwent unnoticed that mtrr_save_state() does not check the capability bit\nbefore accessing the fixed MTRR MSRs.\n\nThough on a CPU that does not support the fixed MTRR capability this\nresults in a #GP.  The #GP itself is harmless because the RDMSR fault is\nhandled gracefully, but results in a WARN_ON().\n\nAdd the missing capability check to prevent this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:18:56.755Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e"
        },
        {
          "url": "https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9"
        },
        {
          "url": "https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16"
        },
        {
          "url": "https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462"
        },
        {
          "url": "https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614"
        }
      ],
      "title": "x86/mtrr: Check if fixed MTRRs exist before saving them",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44948",
    "datePublished": "2024-09-04T18:35:48.980Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2024-12-19T09:18:56.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:24.484235Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:33.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/time/tick-broadcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f54abf332a2bc0413cfa8bd6a8511f7aa99faea0",
              "status": "affected",
              "version": "dfe19aa91378972f10530635ad83b2d77f481044",
              "versionType": "git"
            },
            {
              "lessThan": "f91fb47ecacc178a83a77eeebd25cbaec18c01d6",
              "status": "affected",
              "version": "457a1c87d454455d671a3045cf0b56157be110a1",
              "versionType": "git"
            },
            {
              "lessThan": "668c6c4a7e9e9f081c06b70f30104fb7013437ed",
              "status": "affected",
              "version": "9ef7190228145f959d9bc0ddca40ecf76bb413b0",
              "versionType": "git"
            },
            {
              "lessThan": "541a900d245536d4809cb1aa322c3fcc2cdb58a6",
              "status": "affected",
              "version": "d3b165c10473aa6fc6141bb5b1f6e5b50c1fb774",
              "versionType": "git"
            },
            {
              "lessThan": "7b3ec186ba93e333e9efe7254e7e31c1828e5d2d",
              "status": "affected",
              "version": "408bfb6b0a7f22e971ce6b600aec448769e580a8",
              "versionType": "git"
            },
            {
              "lessThan": "b9d604933d5fd72dd37f24e1dc35f778297d745a",
              "status": "affected",
              "version": "3a58c590f6bd1d20eb1e76c5cea31c36cc032339",
              "versionType": "git"
            },
            {
              "lessThan": "7dd12f85f150010ef7518201c63fa7e395f5c3e9",
              "status": "affected",
              "version": "2cdab4b4bf77369961f706cdeb7d040db10c5217",
              "versionType": "git"
            },
            {
              "lessThan": "6881e75237a84093d0986f56223db3724619f26e",
              "status": "affected",
              "version": "f7d43dd206e7e18c182f200e67a8db8c209907fa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/time/tick-broadcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.1.105",
              "status": "affected",
              "version": "6.1.103",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.46",
              "status": "affected",
              "version": "6.6.44",
              "versionType": "semver"
            },
            {
              "lessThan": "6.10.5",
              "status": "affected",
              "version": "6.10.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it\u0027s valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n  BUG: using smp_processor_id() in preemptible [00000000] code:\n       caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:19.039Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e"
        }
      ],
      "title": "tick/broadcast: Move per CPU pointer access into the atomic section",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44968",
    "datePublished": "2024-09-04T18:56:45.456Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:19.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:14.220470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/bcm_sf2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b7b8d9f5e679af60c94251fd6728dde34be69a71",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "c05516c072903f6fb9134b8e7e1ad4bffcdc4819",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "7feef10768ea71d468d9bbc1e0d14c461876768c",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "a7d2808d67570e6acae45c2a96e0d59986888e4c",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "f3d5efe18a11f94150fee8b3fda9d62079af640a",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            },
            {
              "lessThan": "e3862093ee93fcfbdadcb7957f5f8974fffa806a",
              "status": "affected",
              "version": "771089c2a485958e423f305e974303760167b45c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/dsa/bcm_sf2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()\n\nbcm_sf2_mdio_register() calls of_phy_find_device() and then\nphy_device_remove() in a loop to remove existing PHY devices.\nof_phy_find_device() eventually calls bus_find_device(), which calls\nget_device() on the returned struct device * to increment the refcount.\nThe current implementation does not decrement the refcount, which causes\nmemory leak.\n\nThis commit adds the missing phy_device_free() call to decrement the\nrefcount via put_device() to balance the refcount."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:22.621Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71"
        },
        {
          "url": "https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819"
        },
        {
          "url": "https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c"
        },
        {
          "url": "https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a"
        }
      ],
      "title": "net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44971",
    "datePublished": "2024-09-04T18:56:47.475Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:22.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:07.741693Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ba4dedb71356638d8284e34724daca944be70368",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d3b403209f767e5857c1b9fda66726e6e6ffc99f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "97713b1a2ced1e4a2a6c40045903797ebd44d7e0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not clear page dirty inside extent_write_locked_range()\n\n[BUG]\nFor subpage + zoned case, the following workload can lead to rsv data\nleak at unmount time:\n\n  # mkfs.btrfs -f -s 4k $dev\n  # mount $dev $mnt\n  # fsstress -w -n 8 -d $mnt -s 1709539240\n  0/0: fiemap - no filename\n  0/1: copyrange read - no filename\n  0/2: write - no filename\n  0/3: rename - no source filename\n  0/4: creat f0 x:0 0 0\n  0/4: creat add id=0,parent=-1\n  0/5: writev f0[259 1 0 0 0 0] [778052,113,965] 0\n  0/6: ioctl(FIEMAP) f0[259 1 0 0 224 887097] [1294220,2291618343991484791,0x10000] -1\n  0/7: dwrite - xfsctl(XFS_IOC_DIOINFO) f0[259 1 0 0 224 887097] return 25, fallback to stat()\n  0/7: dwrite f0[259 1 0 0 224 887097] [696320,102400] 0\n  # umount $mnt\n\nThe dmesg includes the following rsv leak detection warning (all call\ntrace skipped):\n\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8653 btrfs_destroy_inode+0x1e0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8654 btrfs_destroy_inode+0x1a8/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  ------------[ cut here ]------------\n  WARNING: CPU: 2 PID: 4528 at fs/btrfs/inode.c:8660 btrfs_destroy_inode+0x1a0/0x200 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): last unmount of filesystem 1b4abba9-de34-4f07-9e7f-157cf12a18d6\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info DATA has 268218368 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=204800, pinned=0, reserved=0, may_use=12288, readonly=0 zone_unusable=0\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n  ------------[ cut here ]------------\n  WARNING: CPU: 3 PID: 4528 at fs/btrfs/block-group.c:4434 btrfs_free_block_groups+0x338/0x500 [btrfs]\n  ---[ end trace 0000000000000000 ]---\n  BTRFS info (device sda): space_info METADATA has 267796480 free, is not full\n  BTRFS info (device sda): space_info total=268435456, used=131072, pinned=0, reserved=0, may_use=262144, readonly=0 zone_unusable=245760\n  BTRFS info (device sda): global_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): trans_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): chunk_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_block_rsv: size 0 reserved 0\n  BTRFS info (device sda): delayed_refs_rsv: size 0 reserved 0\n\nAbove $dev is a tcmu-runner emulated zoned HDD, which has a max zone\nappend size of 64K, and the system has 64K page size.\n\n[CAUSE]\nI have added several trace_printk() to show the events (header skipped):\n\n  \u003e btrfs_dirty_pages: r/i=5/259 dirty start=774144 len=114688\n  \u003e btrfs_dirty_pages: r/i=5/259 dirty part of page=720896 off_in_page=53248 len_in_page=12288\n  \u003e btrfs_dirty_pages: r/i=5/259 dirty part of page=786432 off_in_page=0 len_in_page=65536\n  \u003e btrfs_dirty_pages: r/i=5/259 dirty part of page=851968 off_in_page=0 len_in_page=36864\n\nThe above lines show our buffered write has dirtied 3 pages of inode\n259 of root 5:\n\n  704K             768K              832K              896K\n  I           |////I/////////////////I///////////|     I\n              756K                               868K\n\n  |///| is the dirtied range using subpage bitmaps. and \u0027I\u0027 is the page\n  boundary.\n\n  Meanwhile all three pages (704K, 768K, 832K) have their PageDirty\n  flag set.\n\n  \u003e btrfs_direct_write: r/i=5/259 start dio filepos=696320 len=102400\n\nThen direct IO writ\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:23.752Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3b403209f767e5857c1b9fda66726e6e6ffc99f"
        },
        {
          "url": "https://git.kernel.org/stable/c/97713b1a2ced1e4a2a6c40045903797ebd44d7e0"
        }
      ],
      "title": "btrfs: do not clear page dirty inside extent_write_locked_range()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44972",
    "datePublished": "2024-09-04T18:56:48.145Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:23.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-11-09T10:04:18.067Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44952",
    "datePublished": "2024-09-04T18:35:52.250Z",
    "dateRejected": "2024-11-09T10:04:18.067Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-11-09T10:04:18.067Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:24:17.288703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:14.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/pata_macio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "709e4c8f78e156ab332297bdd87527ec3da4e2d4",
              "status": "affected",
              "version": "09fe2bfa6b83f865126ce3964744863f69a4a030",
              "versionType": "git"
            },
            {
              "lessThan": "822c8020aebcf5804a143b891e34f29873fee5e2",
              "status": "affected",
              "version": "09fe2bfa6b83f865126ce3964744863f69a4a030",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ata/pata_macio.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nata: pata_macio: Fix DMA table overflow\n\nKolbj\u00f8rn and Jon\u00e1\u0161 reported that their 32-bit PowerMacs were crashing\nin pata-macio since commit 09fe2bfa6b83 (\"ata: pata_macio: Fix\nmax_segment_size with PAGE_SIZE == 64K\").\n\nFor example:\n\n  kernel BUG at drivers/ata/pata_macio.c:544!\n  Oops: Exception in kernel mode, sig: 5 [#1]\n  BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 DEBUG_PAGEALLOC PowerMac\n  ...\n  NIP pata_macio_qc_prep+0xf4/0x190\n  LR  pata_macio_qc_prep+0xfc/0x190\n  Call Trace:\n    0xc1421660 (unreliable)\n    ata_qc_issue+0x14c/0x2d4\n    __ata_scsi_queuecmd+0x200/0x53c\n    ata_scsi_queuecmd+0x50/0xe0\n    scsi_queue_rq+0x788/0xb1c\n    __blk_mq_issue_directly+0x58/0xf4\n    blk_mq_plug_issue_direct+0x8c/0x1b4\n    blk_mq_flush_plug_list.part.0+0x584/0x5e0\n    __blk_flush_plug+0xf8/0x194\n    __submit_bio+0x1b8/0x2e0\n    submit_bio_noacct_nocheck+0x230/0x304\n    btrfs_work_helper+0x200/0x338\n    process_one_work+0x1a8/0x338\n    worker_thread+0x364/0x4c0\n    kthread+0x100/0x104\n    start_kernel_thread+0x10/0x14\n\nThat commit increased max_segment_size to 64KB, with the justification\nthat the SCSI core was already using that size when PAGE_SIZE == 64KB,\nand that there was existing logic to split over-sized requests.\n\nHowever with a sufficiently large request, the splitting logic causes\neach sg to be split into two commands in the DMA table, leading to\noverflow of the DMA table, triggering the BUG_ON().\n\nWith default settings the bug doesn\u0027t trigger, because the request size\nis limited by max_sectors_kb == 1280, however max_sectors_kb can be\nincreased, and apparently some distros do that by default using udev\nrules.\n\nFix the bug for 4KB kernels by reverting to the old max_segment_size.\n\nFor 64KB kernels the sg_tablesize needs to be halved, to allow for the\npossibility that each sg will be split into two."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:28.821Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/709e4c8f78e156ab332297bdd87527ec3da4e2d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/822c8020aebcf5804a143b891e34f29873fee5e2"
        }
      ],
      "title": "ata: pata_macio: Fix DMA table overflow",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44976",
    "datePublished": "2024-09-04T19:54:28.282Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:28.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44964",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:37.034016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.442Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6b289f8d91537ec1e4f9c7b38b31b90d93b1419b",
              "status": "affected",
              "version": "02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb",
              "versionType": "git"
            },
            {
              "lessThan": "f01032a2ca099ec8d619aaa916c3762aa62495df",
              "status": "affected",
              "version": "02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/idpf/idpf_lib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leaks and crashes while performing a soft reset\n\nThe second tagged commit introduced a UAF, as it removed restoring\nq_vector-\u003evport pointers after reinitializating the structures.\nThis is due to that all queue allocation functions are performed here\nwith the new temporary vport structure and those functions rewrite\nthe backpointers to the vport. Then, this new struct is freed and\nthe pointers start leading to nowhere.\n\nBut generally speaking, the current logic is very fragile. It claims\nto be more reliable when the system is low on memory, but in fact, it\nconsumes two times more memory as at the moment of running this\nfunction, there are two vports allocated with their queues and vectors.\nMoreover, it claims to prevent the driver from running into \"bad state\",\nbut in fact, any error during the rebuild leaves the old vport in the\npartially allocated state.\nFinally, if the interface is down when the function is called, it always\nallocates a new queue set, but when the user decides to enable the\ninterface later on, vport_open() allocates them once again, IOW there\u0027s\na clear memory leak here.\n\nJust don\u0027t allocate a new queue set when performing a reset, that solves\ncrashes and memory leaks. Readd the old queue number and reopen the\ninterface on rollback - that solves limbo states when the device is left\ndisabled and/or without HW queues enabled."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:14.244Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6b289f8d91537ec1e4f9c7b38b31b90d93b1419b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f01032a2ca099ec8d619aaa916c3762aa62495df"
        }
      ],
      "title": "idpf: fix memory leaks and crashes while performing a soft reset",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44964",
    "datePublished": "2024-09-04T18:36:01.856Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:14.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:50.219529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:20:52.769Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "21816b696c172c19d53a30d45ee005cce246ed21",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            },
            {
              "lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44",
              "status": "affected",
              "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn\u0027t set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  \u003cTASK\u003e\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:44.618Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"
        },
        {
          "url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"
        }
      ],
      "title": "bonding: fix xfrm real_dev null pointer dereference",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44989",
    "datePublished": "2024-09-04T19:54:36.858Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:44.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:05.283493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:17.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "628ea82190a678a56d2ec38cda3addf3b3a6248d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "09e086a5f72ea27c758b3f3b419a69000c32adc1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1cece837e387c039225f19028df255df87a97c0d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "24cf390a5426aac9255205e9533cdd7b4235d518",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "379a6a326514a3e2f71b674091dfb0e0e7522b55",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ef23c18ab88e33ce000d06a5c6aad0620f219bfd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "91b4850e7165a4b7180ef1e227733bcb41ccdf10",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a9a18e8f770c9b0703dab93580d0b02e199a4c79",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/atm/idt77252.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: idt77252: prevent use after free in dequeue_rx()\n\nWe can\u0027t dereference \"skb\" after calling vcc-\u003epush() because the skb\nis released."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:55.681Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/628ea82190a678a56d2ec38cda3addf3b3a6248d"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e086a5f72ea27c758b3f3b419a69000c32adc1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cece837e387c039225f19028df255df87a97c0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/24cf390a5426aac9255205e9533cdd7b4235d518"
        },
        {
          "url": "https://git.kernel.org/stable/c/379a6a326514a3e2f71b674091dfb0e0e7522b55"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef23c18ab88e33ce000d06a5c6aad0620f219bfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/91b4850e7165a4b7180ef1e227733bcb41ccdf10"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9a18e8f770c9b0703dab93580d0b02e199a4c79"
        }
      ],
      "title": "atm: idt77252: prevent use after free in dequeue_rx()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44998",
    "datePublished": "2024-09-04T19:54:42.826Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:55.681Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:02:05.265146Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:04:48.325Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9b8b65211a880af8fe8330a101e1e239a2d4008f",
              "status": "affected",
              "version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
              "versionType": "git"
            },
            {
              "lessThan": "7ecf85542169012765e4c2817cd3be6c2e009962",
              "status": "affected",
              "version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
              "versionType": "git"
            },
            {
              "lessThan": "a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d",
              "status": "affected",
              "version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
              "versionType": "git"
            },
            {
              "lessThan": "02193c70723118889281f75b88722b26b58bf4ae",
              "status": "affected",
              "version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
              "versionType": "git"
            },
            {
              "lessThan": "bfa1a6283be390947d3649c482e5167186a37016",
              "status": "affected",
              "version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: cleanup FB if dpu_format_populate_layout fails\n\nIf the dpu_format_populate_layout() fails, then FB is prepared, but not\ncleaned up. This ends up leaking the pin_count on the GEM object and\ncauses a splat during DRM file closure:\n\nmsm_obj-\u003epin_count\nWARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc\n[...]\nCall trace:\n update_lru_locked+0xc4/0xcc\n put_pages+0xac/0x100\n msm_gem_free_object+0x138/0x180\n drm_gem_object_free+0x1c/0x30\n drm_gem_object_handle_put_unlocked+0x108/0x10c\n drm_gem_object_release_handle+0x58/0x70\n idr_for_each+0x68/0xec\n drm_gem_release+0x28/0x40\n drm_file_free+0x174/0x234\n drm_release+0xb0/0x160\n __fput+0xc0/0x2c8\n __fput_sync+0x50/0x5c\n __arm64_sys_close+0x38/0x7c\n invoke_syscall+0x48/0x118\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x4c/0x120\n el0t_64_sync_handler+0x100/0x12c\n el0t_64_sync+0x190/0x194\nirq event stamp: 129818\nhardirqs last  enabled at (129817): [\u003cffffa5f6d953fcc0\u003e] console_unlock+0x118/0x124\nhardirqs last disabled at (129818): [\u003cffffa5f6da7dcf04\u003e] el1_dbg+0x24/0x8c\nsoftirqs last  enabled at (129808): [\u003cffffa5f6d94afc18\u003e] handle_softirqs+0x4c8/0x4e8\nsoftirqs last disabled at (129785): [\u003cffffa5f6d94105e4\u003e] __do_softirq+0x14/0x20\n\nPatchwork: https://patchwork.freedesktop.org/patch/600714/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:35.816Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9b8b65211a880af8fe8330a101e1e239a2d4008f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7ecf85542169012765e4c2817cd3be6c2e009962"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3c5815b07f4ee19d0b7e2ddf91ff9f03ecbf27d"
        },
        {
          "url": "https://git.kernel.org/stable/c/02193c70723118889281f75b88722b26b58bf4ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfa1a6283be390947d3649c482e5167186a37016"
        }
      ],
      "title": "drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44982",
    "datePublished": "2024-09-04T19:54:32.158Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:35.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:02.040290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/slub.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b35cd7f1e969aaa63e6716d82480f6b8a3230949",
              "status": "affected",
              "version": "782f8906f8057efc7151b4b98b0a0280a71d005f",
              "versionType": "git"
            },
            {
              "lessThan": "a371d558e6f3aed977a8a7346350557de5d25190",
              "status": "affected",
              "version": "782f8906f8057efc7151b4b98b0a0280a71d005f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/slub.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm, slub: do not call do_slab_free for kfence object\n\nIn 782f8906f805 the freeing of kfence objects was moved from deep\ninside do_slab_free to the wrapper functions outside. This is a nice\nchange, but unfortunately it missed one spot in __kmem_cache_free_bulk.\n\nThis results in a crash like this:\n\nBUG skbuff_head_cache (Tainted: G S  B       E     ): Padding overwritten. 0xffff88907fea0f00-0xffff88907fea0fff @offset=3840\n\nslab_err (mm/slub.c:1129)\nfree_to_partial_list (mm/slub.c:? mm/slub.c:4036)\nslab_pad_check (mm/slub.c:864 mm/slub.c:1290)\ncheck_slab (mm/slub.c:?)\nfree_to_partial_list (mm/slub.c:3171 mm/slub.c:4036)\nkmem_cache_alloc_bulk (mm/slub.c:? mm/slub.c:4495 mm/slub.c:4586 mm/slub.c:4635)\nnapi_build_skb (net/core/skbuff.c:348 net/core/skbuff.c:527 net/core/skbuff.c:549)\n\nAll the other callers to do_slab_free appear to be ok.\n\nAdd a kfence_free check in __kmem_cache_free_bulk to avoid the crash."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:24.908Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b35cd7f1e969aaa63e6716d82480f6b8a3230949"
        },
        {
          "url": "https://git.kernel.org/stable/c/a371d558e6f3aed977a8a7346350557de5d25190"
        }
      ],
      "title": "mm, slub: do not call do_slab_free for kfence object",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44973",
    "datePublished": "2024-09-04T19:00:23.444Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:24.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:57.304687Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4",
              "status": "affected",
              "version": "c5511d03ec090980732e929c318a7a6374b5550e",
              "versionType": "git"
            },
            {
              "lessThan": "2cf7665efe451e48d27953e6b5bc627d518c902b",
              "status": "affected",
              "version": "c5511d03ec090980732e929c318a7a6374b5550e",
              "versionType": "git"
            },
            {
              "lessThan": "65727331b60197b742089855ac09464c22b96f66",
              "status": "affected",
              "version": "c5511d03ec090980732e929c318a7a6374b5550e",
              "versionType": "git"
            },
            {
              "lessThan": "d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab",
              "status": "affected",
              "version": "c5511d03ec090980732e929c318a7a6374b5550e",
              "versionType": "git"
            },
            {
              "lessThan": "e22f910a26cc2a3ac9c66b8e935ef2a7dd881117",
              "status": "affected",
              "version": "c5511d03ec090980732e929c318a7a6374b5550e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/sched/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/smt: Fix unbalance sched_smt_present dec/inc\n\nI got the following warn report while doing stress test:\n\njump label: negative count!\nWARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0\nCall Trace:\n \u003cTASK\u003e\n __static_key_slow_dec_cpuslocked+0x16/0x70\n sched_cpu_deactivate+0x26e/0x2a0\n cpuhp_invoke_callback+0x3ad/0x10d0\n cpuhp_thread_fun+0x3f5/0x680\n smpboot_thread_fn+0x56d/0x8d0\n kthread+0x309/0x400\n ret_from_fork+0x41/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nBecause when cpuset_cpu_inactive() fails in sched_cpu_deactivate(),\nthe cpu offline failed, but sched_smt_present is decremented before\ncalling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so\nfix it by incrementing sched_smt_present in the error path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:07.283Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b"
        },
        {
          "url": "https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab"
        },
        {
          "url": "https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117"
        }
      ],
      "title": "sched/smt: Fix unbalance sched_smt_present dec/inc",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44958",
    "datePublished": "2024-09-04T18:35:56.655Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:07.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:23.237971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:37.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc6a3f35bc9b3a8da1b195420a2e8d9fdadfa831",
              "status": "affected",
              "version": "dfeae619d781dee61666d5551b93ba3be755a86b",
              "versionType": "git"
            },
            {
              "lessThan": "dc5ead0e8fc5ef53b8553394d4aab60c277976b3",
              "status": "affected",
              "version": "dfeae619d781dee61666d5551b93ba3be755a86b",
              "versionType": "git"
            },
            {
              "lessThan": "6a6730812220a9a5ce4003eb347da1ee5abd06b0",
              "status": "affected",
              "version": "dfeae619d781dee61666d5551b93ba3be755a86b",
              "versionType": "git"
            },
            {
              "lessThan": "7d3b793faaab1305994ce568b59d61927235f57b",
              "status": "affected",
              "version": "dfeae619d781dee61666d5551b93ba3be755a86b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix invalid FIFO access with special register set\n\nWhen enabling access to the special register set, Receiver time-out and\nRHR interrupts can happen. In this case, the IRQ handler will try to read\nfrom the FIFO thru the RHR register at address 0x00, but address 0x00 is\nmapped to DLL register, resulting in erroneous FIFO reading.\n\nCall graph example:\n    sc16is7xx_startup(): entry\n    sc16is7xx_ms_proc(): entry\n    sc16is7xx_set_termios(): entry\n    sc16is7xx_set_baud(): DLH/DLL = $009C --\u003e access special register set\n    sc16is7xx_port_irq() entry            --\u003e IIR is 0x0C\n    sc16is7xx_handle_rx() entry\n    sc16is7xx_fifo_read(): --\u003e unable to access FIFO (RHR) because it is\n                               mapped to DLL (LCR=LCR_CONF_MODE_A)\n    sc16is7xx_set_baud(): exit --\u003e Restore access to general register set\n\nFix the problem by claiming the efr_lock mutex when accessing the Special\nregister set."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:18:59.037Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc6a3f35bc9b3a8da1b195420a2e8d9fdadfa831"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc5ead0e8fc5ef53b8553394d4aab60c277976b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b"
        }
      ],
      "title": "serial: sc16is7xx: fix invalid FIFO access with special register set",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44950",
    "datePublished": "2024-09-04T18:35:50.602Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2024-12-19T09:18:59.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:26:17.235376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:03.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/cgroup/cpuset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "73d6c6cf8ef6a3c532aa159f5114077746a372d6",
              "status": "affected",
              "version": "0c7f293efc87a06b51db9aa65256f8cb0a5a0a21",
              "versionType": "git"
            },
            {
              "lessThan": "959ab6350add903e352890af53e86663739fcb9a",
              "status": "affected",
              "version": "0c7f293efc87a06b51db9aa65256f8cb0a5a0a21",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/cgroup/cpuset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup/cpuset: fix panic caused by partcmd_update\n\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x8c/0xa0\n ? __die_body+0x23/0xa0\n ? __die+0x3a/0x50\n ? page_fault_oops+0x1d2/0x5c0\n ? partition_sched_domains_locked+0x483/0x600\n ? search_module_extables+0x2a/0xb0\n ? search_exception_tables+0x67/0x90\n ? kernelmode_fixup_or_oops+0x144/0x1b0\n ? __bad_area_nosemaphore+0x211/0x360\n ? up_read+0x3b/0x50\n ? bad_area_nosemaphore+0x1a/0x30\n ? exc_page_fault+0x890/0xd90\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? __lock_acquire.constprop.0+0x24f/0x8d0\n ? asm_exc_page_fault+0x26/0x30\n ? partition_sched_domains_locked+0x483/0x600\n ? partition_sched_domains_locked+0xf0/0x600\n rebuild_sched_domains_locked+0x806/0xdc0\n update_partition_sd_lb+0x118/0x130\n cpuset_write_resmask+0xffc/0x1420\n cgroup_file_write+0xb2/0x290\n kernfs_fop_write_iter+0x194/0x290\n new_sync_write+0xeb/0x160\n vfs_write+0x16f/0x1d0\n ksys_write+0x81/0x180\n __x64_sys_write+0x21/0x30\n x64_sys_call+0x2f25/0x4630\n do_syscall_64+0x44/0xb0\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\n\nIt can be reproduced with cammands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset \u003e ../cgroup.subtree_control\necho root \u003e cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 \u003e cpuset.cpus // taking away all cpus from root\n\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus is available\nfor parect/cs that has tasks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:27.392Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/73d6c6cf8ef6a3c532aa159f5114077746a372d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/959ab6350add903e352890af53e86663739fcb9a"
        }
      ],
      "title": "cgroup/cpuset: fix panic caused by partcmd_update",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44975",
    "datePublished": "2024-09-04T19:54:27.622Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:27.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:21.525724Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:44.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_dcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9e3b266afcfe4294e84496f50f006f029d3100db",
              "status": "affected",
              "version": "2e8a0f40a39cc253002f21c54e1b5b995e5ec510",
              "versionType": "git"
            },
            {
              "lessThan": "0e28bf61a5f9ab30be3f3b4eafb8d097e39446bb",
              "status": "affected",
              "version": "2e8a0f40a39cc253002f21c54e1b5b995e5ec510",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_dcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix leak of blob encryption key\n\nTrusted keys unseal the key blob on load, but keep the sealed payload in\nthe blob field so that every subsequent read (export) will simply\nconvert this field to hex and send it to userspace.\n\nWith DCP-based trusted keys, we decrypt the blob encryption key (BEK)\nin the Kernel due hardware limitations and then decrypt the blob payload.\nBEK decryption is done in-place which means that the trusted key blob\nfield is modified and it consequently holds the BEK in plain text.\nEvery subsequent read of that key thus send the plain text BEK instead\nof the encrypted BEK to userspace.\n\nThis issue only occurs when importing a trusted DCP-based key and\nthen exporting it again. This should rarely happen as the common use cases\nare to either create a new trusted key and export it, or import a key\nblob and then just use it without exporting it again.\n\nFix this by performing BEK decryption and encryption in a dedicated\nbuffer. Further always wipe the plain text BEK buffer to prevent leaking\nthe key via uninitialized memory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:03.450Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9e3b266afcfe4294e84496f50f006f029d3100db"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e28bf61a5f9ab30be3f3b4eafb8d097e39446bb"
        }
      ],
      "title": "KEYS: trusted: dcp: fix leak of blob encryption key",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45004",
    "datePublished": "2024-09-04T19:54:46.952Z",
    "dateReserved": "2024-08-21T05:34:56.678Z",
    "dateUpdated": "2024-12-19T09:20:03.450Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:07.003970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.595Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c7e65cab54a89f4df54110f0b44c4ade93d1a911",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "39b217193729aa45eded8de24d9245468a0c0263",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fcf6a49d79923a234844b8efe830a61f3f0584e4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Don\u0027t refer to dc_sink in is_dsc_need_re_compute\n\n[Why]\nWhen unplug one of monitors connected after mst hub, encounter null pointer dereference.\n\nIt\u0027s due to dc_sink get released immediately in early_unregister() or detect_ctx(). When\ncommit new state which directly referring to info stored in dc_sink will cause null pointer\ndereference.\n\n[how]\nRemove redundant checking condition. Relevant condition should already be covered by checking\nif dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:03.846Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c7e65cab54a89f4df54110f0b44c4ade93d1a911"
        },
        {
          "url": "https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4"
        }
      ],
      "title": "drm/amd/display: Don\u0027t refer to dc_sink in is_dsc_need_re_compute",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44955",
    "datePublished": "2024-09-04T18:35:54.412Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:03.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:15.439582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:26.974Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/af_vsock.h",
            "net/vmw_vsock/af_vsock.c",
            "net/vmw_vsock/vsock_bpf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5",
              "status": "affected",
              "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f",
              "versionType": "git"
            },
            {
              "lessThan": "b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135",
              "status": "affected",
              "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f",
              "versionType": "git"
            },
            {
              "lessThan": "69139d2919dd4aa9a553c8245e7c63e82613e3fc",
              "status": "affected",
              "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/af_vsock.h",
            "net/vmw_vsock/af_vsock.c",
            "net/vmw_vsock/vsock_bpf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: fix recursive -\u003erecvmsg calls\n\nAfter a vsock socket has been added to a BPF sockmap, its prot-\u003erecvmsg\nhas been replaced with vsock_bpf_recvmsg(). Thus the following\nrecursiion could happen:\n\nvsock_bpf_recvmsg()\n -\u003e __vsock_recvmsg()\n  -\u003e vsock_connectible_recvmsg()\n   -\u003e prot-\u003erecvmsg()\n    -\u003e vsock_bpf_recvmsg() again\n\nWe need to fix it by calling the original -\u003erecvmsg() without any BPF\nsockmap logic in __vsock_recvmsg()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:53.024Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4ee8cf1acc5018ed1369150d7bb3e0d0f79e135"
        },
        {
          "url": "https://git.kernel.org/stable/c/69139d2919dd4aa9a553c8245e7c63e82613e3fc"
        }
      ],
      "title": "vsock: fix recursive -\u003erecvmsg calls",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44996",
    "datePublished": "2024-09-04T19:54:41.513Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:53.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:27.700271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:52.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/inode.c",
            "include/linux/fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3525ad25240dfdd8c78f3470911ed10aa727aa72",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "03880af02a78bc9a98b5a581f529cf709c88a9b8",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "cda54ec82c0f9d05393242b20b13f69b083f7e88",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "437741eba63bf4e437e2beb5583f8633556a2b98",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "b9bda5f6012dd00372f3a06a82ed8971a4c57c32",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "9063ab49c11e9518a3f2352434bb276cc8134c5f",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            },
            {
              "lessThan": "2a0629834cd82f05d424bbc193374f9a43d1f87d",
              "status": "affected",
              "version": "e50e5129f384ae282adebfb561189cdb19b81cee",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/inode.c",
            "include/linux/fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfs: Don\u0027t evict inode under the inode lru traversing context\n\nThe inode reclaiming process(See function prune_icache_sb) collects all\nreclaimable inodes and mark them with I_FREEING flag at first, at that\ntime, other processes will be stuck if they try getting these inodes\n(See function find_inode_fast), then the reclaiming process destroy the\ninodes by function dispose_list(). Some filesystems(eg. ext4 with\nea_inode feature, ubifs with xattr) may do inode lookup in the inode\nevicting callback function, if the inode lookup is operated under the\ninode lru traversing context, deadlock problems may happen.\n\nCase 1: In function ext4_evict_inode(), the ea inode lookup could happen\n        if ea_inode feature is enabled, the lookup process will be stuck\n\tunder the evicting context like this:\n\n 1. File A has inode i_reg and an ea inode i_ea\n 2. getfattr(A, xattr_buf) // i_ea is added into lru // lru-\u003ei_ea\n 3. Then, following three processes running like this:\n\n    PA                              PB\n echo 2 \u003e /proc/sys/vm/drop_caches\n  shrink_slab\n   prune_dcache_sb\n   // i_reg is added into lru, lru-\u003ei_ea-\u003ei_reg\n   prune_icache_sb\n    list_lru_walk_one\n     inode_lru_isolate\n      i_ea-\u003ei_state |= I_FREEING // set inode state\n     inode_lru_isolate\n      __iget(i_reg)\n      spin_unlock(\u0026i_reg-\u003ei_lock)\n      spin_unlock(lru_lock)\n                                     rm file A\n                                      i_reg-\u003enlink = 0\n      iput(i_reg) // i_reg-\u003enlink is 0, do evict\n       ext4_evict_inode\n        ext4_xattr_delete_inode\n         ext4_xattr_inode_dec_ref_all\n          ext4_xattr_inode_iget\n           ext4_iget(i_ea-\u003ei_ino)\n            iget_locked\n             find_inode_fast\n              __wait_on_freeing_inode(i_ea) ----\u2192 AA deadlock\n    dispose_list // cannot be executed by prune_icache_sb\n     wake_up_bit(\u0026i_ea-\u003ei_state)\n\nCase 2: In deleted inode writing function ubifs_jnl_write_inode(), file\n        deleting process holds BASEHD\u0027s wbuf-\u003eio_mutex while getting the\n\txattr inode, which could race with inode reclaiming process(The\n        reclaiming process could try locking BASEHD\u0027s wbuf-\u003eio_mutex in\n\tinode evicting function), then an ABBA deadlock problem would\n\thappen as following:\n\n 1. File A has inode ia and a xattr(with inode ixa), regular file B has\n    inode ib and a xattr.\n 2. getfattr(A, xattr_buf) // ixa is added into lru // lru-\u003eixa\n 3. Then, following three processes running like this:\n\n        PA                PB                        PC\n                echo 2 \u003e /proc/sys/vm/drop_caches\n                 shrink_slab\n                  prune_dcache_sb\n                  // ib and ia are added into lru, lru-\u003eixa-\u003eib-\u003eia\n                  prune_icache_sb\n                   list_lru_walk_one\n                    inode_lru_isolate\n                     ixa-\u003ei_state |= I_FREEING // set inode state\n                    inode_lru_isolate\n                     __iget(ib)\n                     spin_unlock(\u0026ib-\u003ei_lock)\n                     spin_unlock(lru_lock)\n                                                   rm file B\n                                                    ib-\u003enlink = 0\n rm file A\n  iput(ia)\n   ubifs_evict_inode(ia)\n    ubifs_jnl_delete_inode(ia)\n     ubifs_jnl_write_inode(ia)\n      make_reservation(BASEHD) // Lock wbuf-\u003eio_mutex\n      ubifs_iget(ixa-\u003ei_ino)\n       iget_locked\n        find_inode_fast\n         __wait_on_freeing_inode(ixa)\n          |          iput(ib) // ib-\u003enlink is 0, do evict\n          |           ubifs_evict_inode\n          |            ubifs_jnl_delete_inode(ib)\n          \u2193             ubifs_jnl_write_inode\n     ABBA deadlock \u2190-----make_reservation(BASEHD)\n                   dispose_list // cannot be executed by prune_icache_sb\n                    wake_up_bit(\u0026ixa-\u003ei_state)\n\nFix the possible deadlock by using new inode state flag I_LRU_ISOLATING\nto pin the inode in memory while inode_lru_isolate(\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:02.265Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3525ad25240dfdd8c78f3470911ed10aa727aa72"
        },
        {
          "url": "https://git.kernel.org/stable/c/03880af02a78bc9a98b5a581f529cf709c88a9b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cda54ec82c0f9d05393242b20b13f69b083f7e88"
        },
        {
          "url": "https://git.kernel.org/stable/c/437741eba63bf4e437e2beb5583f8633556a2b98"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9bda5f6012dd00372f3a06a82ed8971a4c57c32"
        },
        {
          "url": "https://git.kernel.org/stable/c/9063ab49c11e9518a3f2352434bb276cc8134c5f"
        },
        {
          "url": "https://git.kernel.org/stable/c/2a0629834cd82f05d424bbc193374f9a43d1f87d"
        }
      ],
      "title": "vfs: Don\u0027t evict inode under the inode lru traversing context",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45003",
    "datePublished": "2024-09-04T19:54:46.276Z",
    "dateReserved": "2024-08-21T05:34:56.678Z",
    "dateUpdated": "2024-12-19T09:20:02.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:53.968694Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/tracefs/inode.c",
            "fs/tracefs/internal.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "726f4c241e17be75a9cf6870d80cd7479dc89e8f",
              "status": "affected",
              "version": "5f91fc82794d4a6e41cdcd02d00baa377d94ca78",
              "versionType": "git"
            },
            {
              "lessThan": "061da60716ce0cde99f62f31937b81e1c03acef6",
              "status": "affected",
              "version": "baa23a8d4360d981a49913841a726edede5cdd54",
              "versionType": "git"
            },
            {
              "lessThan": "0b6743bd60a56a701070b89fb80c327a44b7b3e2",
              "status": "affected",
              "version": "baa23a8d4360d981a49913841a726edede5cdd54",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/tracefs/inode.c",
            "fs/tracefs/internal.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Use generic inode RCU for synchronizing freeing\n\nWith structure layout randomization enabled for \u0027struct inode\u0027 we need to\navoid overlapping any of the RCU-used / initialized-only-once members,\ne.g. i_lru or i_sb_list to not corrupt related list traversals when making\nuse of the rcu_head.\n\nFor an unlucky structure layout of \u0027struct inode\u0027 we may end up with the\nfollowing splat when running the ftrace selftests:\n\n[\u003c...\u003e] list_del corruption, ffff888103ee2cb0-\u003enext (tracefs_inode_cache+0x0/0x4e0 [slab object]) is NULL (prev is tracefs_inode_cache+0x78/0x4e0 [slab object])\n[\u003c...\u003e] ------------[ cut here ]------------\n[\u003c...\u003e] kernel BUG at lib/list_debug.c:54!\n[\u003c...\u003e] invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n[\u003c...\u003e] CPU: 3 PID: 2550 Comm: mount Tainted: G                 N  6.8.12-grsec+ #122 ed2f536ca62f28b087b90e3cc906a8d25b3ddc65\n[\u003c...\u003e] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\n[\u003c...\u003e] RIP: 0010:[\u003cffffffff84656018\u003e] __list_del_entry_valid_or_report+0x138/0x3e0\n[\u003c...\u003e] Code: 48 b8 99 fb 65 f2 ff ff ff ff e9 03 5c d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff e9 33 5a d9 fc cc 48 b8 99 fb 65 f2 ff ff ff ff \u003c0f\u003e 0b 4c 89 e9 48 89 ea 48 89 ee 48 c7 c7 60 8f dd 89 31 c0 e8 2f\n[\u003c...\u003e] RSP: 0018:fffffe80416afaf0 EFLAGS: 00010283\n[\u003c...\u003e] RAX: 0000000000000098 RBX: ffff888103ee2cb0 RCX: 0000000000000000\n[\u003c...\u003e] RDX: ffffffff84655fe8 RSI: ffffffff89dd8b60 RDI: 0000000000000001\n[\u003c...\u003e] RBP: ffff888103ee2cb0 R08: 0000000000000001 R09: fffffbd0082d5f25\n[\u003c...\u003e] R10: fffffe80416af92f R11: 0000000000000001 R12: fdf99c16731d9b6d\n[\u003c...\u003e] R13: 0000000000000000 R14: ffff88819ad4b8b8 R15: 0000000000000000\n[\u003c...\u003e] RBX: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[\u003c...\u003e] RDX: __list_del_entry_valid_or_report+0x108/0x3e0\n[\u003c...\u003e] RSI: __func__.47+0x4340/0x4400\n[\u003c...\u003e] RBP: tracefs_inode_cache+0x0/0x4e0 [slab object]\n[\u003c...\u003e] RSP: process kstack fffffe80416afaf0+0x7af0/0x8000 [mount 2550 2550]\n[\u003c...\u003e] R09: kasan shadow of process kstack fffffe80416af928+0x7928/0x8000 [mount 2550 2550]\n[\u003c...\u003e] R10: process kstack fffffe80416af92f+0x792f/0x8000 [mount 2550 2550]\n[\u003c...\u003e] R14: tracefs_inode_cache+0x78/0x4e0 [slab object]\n[\u003c...\u003e] FS:  00006dcb380c1840(0000) GS:ffff8881e0600000(0000) knlGS:0000000000000000\n[\u003c...\u003e] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[\u003c...\u003e] CR2: 000076ab72b30e84 CR3: 000000000b088004 CR4: 0000000000360ef0 shadow CR4: 0000000000360ef0\n[\u003c...\u003e] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[\u003c...\u003e] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[\u003c...\u003e] ASID: 0003\n[\u003c...\u003e] Stack:\n[\u003c...\u003e]  ffffffff818a2315 00000000f5c856ee ffffffff896f1840 ffff888103ee2cb0\n[\u003c...\u003e]  ffff88812b6b9750 0000000079d714b6 fffffbfff1e9280b ffffffff8f49405f\n[\u003c...\u003e]  0000000000000001 0000000000000000 ffff888104457280 ffffffff8248b392\n[\u003c...\u003e] Call Trace:\n[\u003c...\u003e]  \u003cTASK\u003e\n[\u003c...\u003e]  [\u003cffffffff818a2315\u003e] ? lock_release+0x175/0x380 fffffe80416afaf0\n[\u003c...\u003e]  [\u003cffffffff8248b392\u003e] list_lru_del+0x152/0x740 fffffe80416afb48\n[\u003c...\u003e]  [\u003cffffffff8248ba93\u003e] list_lru_del_obj+0x113/0x280 fffffe80416afb88\n[\u003c...\u003e]  [\u003cffffffff8940fd19\u003e] ? _atomic_dec_and_lock+0x119/0x200 fffffe80416afb90\n[\u003c...\u003e]  [\u003cffffffff8295b244\u003e] iput_final+0x1c4/0x9a0 fffffe80416afbb8\n[\u003c...\u003e]  [\u003cffffffff8293a52b\u003e] dentry_unlink_inode+0x44b/0xaa0 fffffe80416afbf8\n[\u003c...\u003e]  [\u003cffffffff8293fefc\u003e] __dentry_kill+0x23c/0xf00 fffffe80416afc40\n[\u003c...\u003e]  [\u003cffffffff8953a85f\u003e] ? __this_cpu_preempt_check+0x1f/0xa0 fffffe80416afc48\n[\u003c...\u003e]  [\u003cffffffff82949ce5\u003e] ? shrink_dentry_list+0x1c5/0x760 fffffe80416afc70\n[\u003c...\u003e]  [\u003cffffffff82949b71\u003e] ? shrink_dentry_list+0x51/0x760 fffffe80416afc78\n[\u003c...\u003e]  [\u003cffffffff82949da8\u003e] shrink_dentry_list+0x288/0x760 fffffe80416afc80\n[\u003c...\u003e]  [\u003cffffffff8294ae75\u003e] shrink_dcache_sb+0x155/0x420 fffffe80416afcc8\n[\u003c...\u003e]  [\u003cffffffff8953a7c3\u003e] ? debug_smp_processor_id+0x23/0xa0 fffffe80416afce0\n[\u003c...\u003e]  [\u003cffffffff8294ad20\u003e] ? do_one_tre\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:08.415Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/726f4c241e17be75a9cf6870d80cd7479dc89e8f"
        },
        {
          "url": "https://git.kernel.org/stable/c/061da60716ce0cde99f62f31937b81e1c03acef6"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b6743bd60a56a701070b89fb80c327a44b7b3e2"
        }
      ],
      "title": "tracefs: Use generic inode RCU for synchronizing freeing",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44959",
    "datePublished": "2024-09-04T18:35:57.464Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:08.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:27:03.431067Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:15.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/fuse/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "49934861514d36d0995be8e81bb3312a499d8d9a",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "33168db352c7b56ae18aa55c2cae1a1c5905d30e",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "4690e2171f651e2b415e3941ce17f2f7b813aff6",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "8c78303eafbf85a728dd84d1750e89240c677dd9",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "831433527773e665bdb635ab5783d0b95d1246f4",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "ac42e0f0eb66af966015ee33fd355bc6f5d80cd6",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "18a067240817bee8a9360539af5d79a4bf5398a5",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            },
            {
              "lessThan": "3c0da3d163eb32f1f91891efaade027fa9b245b9",
              "status": "affected",
              "version": "a1d75f258230b75d46aecdf28b2e732413028863",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/fuse/dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: Initialize beyond-EOF page contents before setting uptodate\n\nfuse_notify_store(), unlike fuse_do_readpage(), does not enable page\nzeroing (because it can be used to change partial page contents).\n\nSo fuse_notify_store() must be more careful to fully initialize page\ncontents (including parts of the page that are beyond end-of-file)\nbefore marking the page uptodate.\n\nThe current code can leave beyond-EOF page contents uninitialized, which\nmakes these uninitialized page contents visible to userspace via mmap().\n\nThis is an information leak, but only affects systems which do not\nenable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the\ncorresponding kernel command line parameter)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:18:52.198Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/49934861514d36d0995be8e81bb3312a499d8d9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/33168db352c7b56ae18aa55c2cae1a1c5905d30e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4690e2171f651e2b415e3941ce17f2f7b813aff6"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c78303eafbf85a728dd84d1750e89240c677dd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/831433527773e665bdb635ab5783d0b95d1246f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac42e0f0eb66af966015ee33fd355bc6f5d80cd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/18a067240817bee8a9360539af5d79a4bf5398a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c0da3d163eb32f1f91891efaade027fa9b245b9"
        },
        {
          "url": "https://project-zero.issues.chromium.org/issues/42451729"
        }
      ],
      "title": "fuse: Initialize beyond-EOF page contents before setting uptodate",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44947",
    "datePublished": "2024-09-02T17:36:15.633Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2024-12-19T09:18:52.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:47.457260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:35.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0da0b06165d83a8ecbb6582d9d5a135f9d38a52a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c28d207edfc5679585f4e96acb67000076ce90be",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "829798c789f567ef6ba4b084c15b7b5f3bd98d51",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_job.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Forward soft recovery errors to userspace\n\nAs we discussed before[1], soft recovery should be\nforwarded to userspace, or we can get into a really\nbad state where apps will keep submitting hanging\ncommand buffers cascading us to a hard reset.\n\n1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/\n(cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:10.719Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a"
        },
        {
          "url": "https://git.kernel.org/stable/c/c28d207edfc5679585f4e96acb67000076ce90be"
        },
        {
          "url": "https://git.kernel.org/stable/c/829798c789f567ef6ba4b084c15b7b5f3bd98d51"
        }
      ],
      "title": "drm/amdgpu: Forward soft recovery errors to userspace",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44961",
    "datePublished": "2024-09-04T18:35:59.312Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:10.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:17:57.073437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:19.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/input-mt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2829c80614890624456337e47320289112785f3e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "95f73d01f547dfc67fda3022c51e377a0454b505",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "94736334b8a25e4fae8daa6934e54a31f099be43",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8f04edd554d191834e9e1349ef030318ea6b11ba",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "cd19f1799c32ba7b874474b1b968815ce5364f73",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/input/input-mt.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: MT - limit max slots\n\nsyzbot is reporting too large allocation at input_mt_init_slots(), for\nnum_slots is supplied from userspace using ioctl(UI_DEV_CREATE).\n\nSince nobody knows possible max slots, this patch chose 1024."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:08.194Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/87f610a1a7fbdb1f2e3d90b54c955bd3b8a0c322"
        },
        {
          "url": "https://git.kernel.org/stable/c/05dd9aabd04f9b5eb04dab9bb83d8c3e982d7549"
        },
        {
          "url": "https://git.kernel.org/stable/c/95f73d01f547dfc67fda3022c51e377a0454b505"
        },
        {
          "url": "https://git.kernel.org/stable/c/94736334b8a25e4fae8daa6934e54a31f099be43"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f04edd554d191834e9e1349ef030318ea6b11ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd19f1799c32ba7b874474b1b968815ce5364f73"
        },
        {
          "url": "https://git.kernel.org/stable/c/99d3bf5f7377d42f8be60a6b9cb60fb0be34dceb"
        }
      ],
      "title": "Input: MT - limit max slots",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45008",
    "datePublished": "2024-09-04T19:54:49.763Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2024-12-19T09:20:08.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:20:00.407827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:21:05.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "571567e0277008459750f0728f246086b2659429",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "24e93695b1239fbe4c31e224372be77f82dab69a",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "9a3e55afa95ed4ac9eda112d4f918af645d72f25",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "e44bd76dd072756e674f45c5be00153f4ded68b2",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            },
            {
              "lessThan": "faa389b2fbaaec7fd27a390b4896139f9da662e3",
              "status": "affected",
              "version": "0625491493d9000e4556bf566d205c28c8e7dc4e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.32"
            },
            {
              "lessThan": "2.6.32",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent UAF in ip6_send_skb()\n\nsyzbot reported an UAF in ip6_send_skb() [1]\n\nAfter ip6_local_out() has returned, we no longer can safely\ndereference rt, unless we hold rcu_read_lock().\n\nA similar issue has been fixed in commit\na688caa34beb (\"ipv6: take rcu lock in rawv6_send_hdrinc()\")\n\nAnother potential issue in ip6_finish_output2() is handled in a\nseparate patch.\n\n[1]\n BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\nRead of size 8 at addr ffff88806dde4858 by task syz.1.380/6530\n\nCPU: 1 UID: 0 PID: 6530 Comm: syz.1.380 Not tainted 6.11.0-rc3-syzkaller-00306-gdf6cbc62cc9b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nCall Trace:\n \u003cTASK\u003e\n  __dump_stack lib/dump_stack.c:93 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n  print_address_description mm/kasan/report.c:377 [inline]\n  print_report+0x169/0x550 mm/kasan/report.c:488\n  kasan_report+0x143/0x180 mm/kasan/report.c:601\n  ip6_send_skb+0x18d/0x230 net/ipv6/ip6_output.c:1964\n  rawv6_push_pending_frames+0x75c/0x9e0 net/ipv6/raw.c:588\n  rawv6_sendmsg+0x19c7/0x23c0 net/ipv6/raw.c:926\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  sock_write_iter+0x2dd/0x400 net/socket.c:1160\n do_iter_readv_writev+0x60a/0x890\n  vfs_writev+0x37c/0xbb0 fs/read_write.c:971\n  do_writev+0x1b1/0x350 fs/read_write.c:1018\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f936bf79e79\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f936cd7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: 00007f936c115f80 RCX: 00007f936bf79e79\nRDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000004\nRBP: 00007f936bfe7916 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f936c115f80 R15: 00007fff2860a7a8\n \u003c/TASK\u003e\n\nAllocated by task 6530:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  unpoison_slab_object mm/kasan/common.c:312 [inline]\n  __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338\n  kasan_slab_alloc include/linux/kasan.h:201 [inline]\n  slab_post_alloc_hook mm/slub.c:3988 [inline]\n  slab_alloc_node mm/slub.c:4037 [inline]\n  kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044\n  dst_alloc+0x12b/0x190 net/core/dst.c:89\n  ip6_blackhole_route+0x59/0x340 net/ipv6/route.c:2670\n  make_blackhole net/xfrm/xfrm_policy.c:3120 [inline]\n  xfrm_lookup_route+0xd1/0x1c0 net/xfrm/xfrm_policy.c:3313\n  ip6_dst_lookup_flow+0x13e/0x180 net/ipv6/ip6_output.c:1257\n  rawv6_sendmsg+0x1283/0x23c0 net/ipv6/raw.c:898\n  sock_sendmsg_nosec net/socket.c:730 [inline]\n  __sock_sendmsg+0x1a6/0x270 net/socket.c:745\n  ____sys_sendmsg+0x525/0x7d0 net/socket.c:2597\n  ___sys_sendmsg net/socket.c:2651 [inline]\n  __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2680\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 45:\n  kasan_save_stack mm/kasan/common.c:47 [inline]\n  kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n  kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n  poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n  __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n  kasan_slab_free include/linux/kasan.h:184 [inline]\n  slab_free_hook mm/slub.c:2252 [inline]\n  slab_free mm/slub.c:4473 [inline]\n  kmem_cache_free+0x145/0x350 mm/slub.c:4548\n  dst_destroy+0x2ac/0x460 net/core/dst.c:124\n  rcu_do_batch kernel/rcu/tree.c:2569 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:42.261Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/571567e0277008459750f0728f246086b2659429"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce2f6cfab2c637d0bd9762104023a15d0ab7c0a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb5880a0de12c7f618d2bdd84e2d985f1e06ed7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/24e93695b1239fbe4c31e224372be77f82dab69a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a3e55afa95ed4ac9eda112d4f918af645d72f25"
        },
        {
          "url": "https://git.kernel.org/stable/c/af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011"
        },
        {
          "url": "https://git.kernel.org/stable/c/e44bd76dd072756e674f45c5be00153f4ded68b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/faa389b2fbaaec7fd27a390b4896139f9da662e3"
        }
      ],
      "title": "ipv6: prevent UAF in ip6_send_skb()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44987",
    "datePublished": "2024-09-04T19:54:35.510Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:42.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:03.841681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_preempt_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "458bb83119dfee5d14c677f7846dd9363817006f",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            },
            {
              "lessThan": "3cd1585e57908b6efcd967465ef7685f40b2a294",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_preempt_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/preempt_fence: enlarge the fence critical section\n\nIt is really easy to introduce subtle deadlocks in\npreempt_fence_work_func() since we operate on single global ordered-wq\nfor signalling our preempt fences behind the scenes, so even though we\nsignal a particular fence, everything in the callback should be in the\nfence critical section, since blocking in the callback will prevent\nother published fences from signalling. If we enlarge the fence critical\nsection to cover the entire callback, then lockdep should be able to\nunderstand this better, and complain if we grab a sensitive lock like\nvm-\u003elock, which is also held when waiting on preempt fences."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:04.986Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/458bb83119dfee5d14c677f7846dd9363817006f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cd1585e57908b6efcd967465ef7685f40b2a294"
        }
      ],
      "title": "drm/xe/preempt_fence: enlarge the fence critical section",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44956",
    "datePublished": "2024-09-04T18:35:55.140Z",
    "dateReserved": "2024-08-21T05:34:56.666Z",
    "dateUpdated": "2024-12-19T09:19:04.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:34.019685Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:53.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fead60a6d5f84b472b928502a42c419253afe6c1",
              "status": "affected",
              "version": "69c3c023af25edb5433a2db824d3e7cc328f0183",
              "versionType": "git"
            },
            {
              "lessThan": "74c2ab6d653b4c2354df65a7f7f2df1925a40a51",
              "status": "affected",
              "version": "69c3c023af25edb5433a2db824d3e7cc328f0183",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/file.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb/client: avoid possible NULL dereference in cifs_free_subrequest()\n\nClang static checker (scan-build) warning:\n\tcifsglob.h:line 890, column 3\n\tAccess to field \u0027ops\u0027 results in a dereference of a null pointer.\n\nCommit 519be989717c (\"cifs: Add a tracepoint to track credits involved in\nR/W requests\") adds a check for \u0027rdata-\u003eserver\u0027, and let clang throw this\nwarning about NULL dereference.\n\nWhen \u0027rdata-\u003ecredits.value != 0 \u0026\u0026 rdata-\u003eserver == NULL\u0027 happens,\nadd_credits_and_wake_if() will call rdata-\u003eserver-\u003eops-\u003eadd_credits().\nThis will cause NULL dereference problem. Add a check for \u0027rdata-\u003eserver\u0027\nto avoid NULL dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:48.405Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fead60a6d5f84b472b928502a42c419253afe6c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/74c2ab6d653b4c2354df65a7f7f2df1925a40a51"
        }
      ],
      "title": "smb/client: avoid possible NULL dereference in cifs_free_subrequest()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44992",
    "datePublished": "2024-09-04T19:54:38.878Z",
    "dateReserved": "2024-08-21T05:34:56.671Z",
    "dateUpdated": "2024-12-19T09:19:48.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:20.994607Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp_sd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7a7e60ed23d471a07dbbe72565d2992ee8244bbe",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1ec5ea9e25f582fd6999393e2f2c3bf56f234e05",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a3e52a4c22c846858a6875e1c280030a3849e148",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a88a49473c94ccfd8dce1e766aacf3c627278463",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "46f67233b011385d53cf14d272431755de3a7c79",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1e8b7fb427af6b2ddd54eff66a6b428a81c96633",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2429ea3b4330e3653b72b210a0d5f2a717359506",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bf365071ea92b9579d5a272679b74052a5643e35",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/char/sclp_sd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.320",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.282",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Prevent release of buffer in I/O\n\nWhen a task waiting for completion of a Store Data operation is\ninterrupted, an attempt is made to halt this operation. If this attempt\nfails due to a hardware or firmware problem, there is a chance that the\nSCLP facility might store data into buffers referenced by the original\noperation at a later time.\n\nHandle this situation by not releasing the referenced data buffers if\nthe halt attempt fails. For current use cases, this might result in a\nleak of few pages of memory in case of a rare hardware/firmware\nmalfunction."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:20.187Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148"
        },
        {
          "url": "https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463"
        },
        {
          "url": "https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633"
        },
        {
          "url": "https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35"
        }
      ],
      "title": "s390/sclp: Prevent release of buffer in I/O",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44969",
    "datePublished": "2024-09-04T18:56:46.160Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:20.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44951",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:40:19.986023Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:36.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "09cfe05e9907f3276887a20e267cc40e202f4fdd",
              "status": "affected",
              "version": "4409df5866b7ff7686ba27e449ca97a92ee063c9",
              "versionType": "git"
            },
            {
              "lessThan": "133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4",
              "status": "affected",
              "version": "4409df5866b7ff7686ba27e449ca97a92ee063c9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/sc16is7xx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: fix TX fifo corruption\n\nSometimes, when a packet is received on channel A at almost the same time\nas a packet is about to be transmitted on channel B, we observe with a\nlogic analyzer that the received packet on channel A is transmitted on\nchannel B. In other words, the Tx buffer data on channel B is corrupted\nwith data from channel A.\n\nThe problem appeared since commit 4409df5866b7 (\"serial: sc16is7xx: change\nEFR lock to operate on each channels\"), which changed the EFR locking to\noperate on each channel instead of chip-wise.\n\nThis commit has introduced a regression, because the EFR lock is used not\nonly to protect the EFR registers access, but also, in a very obscure and\nundocumented way, to protect access to the data buffer, which is shared by\nthe Tx and Rx handlers, but also by each channel of the IC.\n\nFix this regression first by switching to kfifo_out_linear_ptr() in\nsc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer.\n\nSecondly, replace the chip-wise Rx buffer with a separate Rx buffer for\neach channel."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:00.373Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/09cfe05e9907f3276887a20e267cc40e202f4fdd"
        },
        {
          "url": "https://git.kernel.org/stable/c/133f4c00b8b2bfcacead9b81e7e8edfceb4b06c4"
        }
      ],
      "title": "serial: sc16is7xx: fix TX fifo corruption",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44951",
    "datePublished": "2024-09-04T18:35:51.366Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2024-12-19T09:19:00.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44995",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:19.943422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:31.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "67492d4d105c0a6321b00c393eec96b9a7a97a16",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "fc250eca15bde34c4c8f806b9d88f55bd56a992c",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "195918217448a6bb7f929d6a2ffffce9f1ece1cc",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "6ae2b7d63cd056f363045eb65409143e16f23ae8",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "fa1d4de7265c370e673583ac8d1bd17d21826cd9",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "de37408d5c26fc4a296a28a0c96dcb814219bfa1",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            },
            {
              "lessThan": "be5e816d00a506719e9dbb1a9c861c5ced30a109",
              "status": "affected",
              "version": "bb6b94a896d4dd4dcdeccca87c3fd22521c652c0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix a deadlock problem when config TC during resetting\n\nWhen config TC during the reset process, may cause a deadlock, the flow is\nas below:\n                             pf reset start\n                                 \u2502\n                                 \u25bc\n                              ......\nsetup tc                         \u2502\n    \u2502                            \u25bc\n    \u25bc                      DOWN: napi_disable()\nnapi_disable()(skip)             \u2502\n    \u2502                            \u2502\n    \u25bc                            \u25bc\n  ......                      ......\n    \u2502                            \u2502\n    \u25bc                            \u2502\nnapi_enable()                    \u2502\n                                 \u25bc\n                           UINIT: netif_napi_del()\n                                 \u2502\n                                 \u25bc\n                              ......\n                                 \u2502\n                                 \u25bc\n                           INIT: netif_napi_add()\n                                 \u2502\n                                 \u25bc\n                              ......                 global reset start\n                                 \u2502                      \u2502\n                                 \u25bc                      \u25bc\n                           UP: napi_enable()(skip)    ......\n                                 \u2502                      \u2502\n                                 \u25bc                      \u25bc\n                              ......                 napi_disable()\n\nIn reset process, the driver will DOWN the port and then UINIT, in this\ncase, the setup tc process will UP the port before UINIT, so cause the\nproblem. Adds a DOWN process in UINIT to fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:51.847Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/67492d4d105c0a6321b00c393eec96b9a7a97a16"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc250eca15bde34c4c8f806b9d88f55bd56a992c"
        },
        {
          "url": "https://git.kernel.org/stable/c/195918217448a6bb7f929d6a2ffffce9f1ece1cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ae2b7d63cd056f363045eb65409143e16f23ae8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa1d4de7265c370e673583ac8d1bd17d21826cd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/de37408d5c26fc4a296a28a0c96dcb814219bfa1"
        },
        {
          "url": "https://git.kernel.org/stable/c/be5e816d00a506719e9dbb1a9c861c5ced30a109"
        }
      ],
      "title": "net: hns3: fix a deadlock problem when config TC during resetting",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44995",
    "datePublished": "2024-09-04T19:54:40.878Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:51.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:27:06.483265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:16.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/kcm.h",
            "net/kcm/kcmsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8c9cdbf600143bd6835c8b8351e5ac956da79aec",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "6633b17840bf828921254d788ccd15602843fe9b",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "eb06c8d3022ce6738711191c89f9b3e9cfb91914",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "fa6c23fe6dcac8c8bd63920ee8681292a2bd544e",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "72da240aafb142630cf16adc803ccdacb3780849",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "00425508f30baa5ab6449a1f478480ca7cffa6da",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "9c8d544ed619f704e2b70e63e08ab75630c2ea23",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            },
            {
              "lessThan": "807067bf014d4a3ae2cc55bd3de16f22a01eb580",
              "status": "affected",
              "version": "ab7ac4eb9832e32a09f4e8042705484d2fb0aad3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/kcm.h",
            "net/kcm/kcmsock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcm: Serialise kcm_sendmsg() for the same socket.\n\nsyzkaller reported UAF in kcm_release(). [0]\n\nThe scenario is\n\n  1. Thread A builds a skb with MSG_MORE and sets kcm-\u003eseq_skb.\n\n  2. Thread A resumes building skb from kcm-\u003eseq_skb but is blocked\n     by sk_stream_wait_memory()\n\n  3. Thread B calls sendmsg() concurrently, finishes building kcm-\u003eseq_skb\n     and puts the skb to the write queue\n\n  4. Thread A faces an error and finally frees skb that is already in the\n     write queue\n\n  5. kcm_release() does double-free the skb in the write queue\n\nWhen a thread is building a MSG_MORE skb, another thread must not touch it.\n\nLet\u0027s add a per-sk mutex and serialise kcm_sendmsg().\n\n[0]:\nBUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline]\nBUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\nBUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline]\nBUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\nRead of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167\n\nCPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G    B              6.8.0-rc5-syzkaller-g9abbc24128bc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nCall trace:\n dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x178/0x518 mm/kasan/report.c:488\n kasan_report+0xd8/0x138 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n __skb_unlink include/linux/skbuff.h:2366 [inline]\n __skb_dequeue include/linux/skbuff.h:2385 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline]\n __skb_queue_purge include/linux/skbuff.h:3181 [inline]\n kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691\n __sock_release net/socket.c:659 [inline]\n sock_close+0xa4/0x1e8 net/socket.c:1421\n __fput+0x30c/0x738 fs/file_table.c:376\n ____fput+0x20/0x30 fs/file_table.c:404\n task_work_run+0x230/0x2e0 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x618/0x1f64 kernel/exit.c:871\n do_group_exit+0x194/0x22c kernel/exit.c:1020\n get_signal+0x1500/0x15ec kernel/signal.c:2893\n do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249\n do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148\n exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]\n exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]\n el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nAllocated by task 6166:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x40/0x78 mm/kasan/common.c:68\n kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626\n unpoison_slab_object mm/kasan/common.c:314 [inline]\n __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340\n kasan_slab_alloc include/linux/kasan.h:201 [inline]\n slab_post_alloc_hook mm/slub.c:3813 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903\n __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641\n alloc_skb include/linux/skbuff.h:1296 [inline]\n kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x220/0x2c0 net/socket.c:768\n splice_to_socket+0x7cc/0xd58 fs/splice.c:889\n do_splice_from fs/splice.c:941 [inline]\n direct_splice_actor+0xec/0x1d8 fs/splice.c:1164\n splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108\n do_splice_direct_actor \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:18:40.022Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8c9cdbf600143bd6835c8b8351e5ac956da79aec"
        },
        {
          "url": "https://git.kernel.org/stable/c/6633b17840bf828921254d788ccd15602843fe9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb06c8d3022ce6738711191c89f9b3e9cfb91914"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa6c23fe6dcac8c8bd63920ee8681292a2bd544e"
        },
        {
          "url": "https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849"
        },
        {
          "url": "https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23"
        },
        {
          "url": "https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580"
        }
      ],
      "title": "kcm: Serialise kcm_sendmsg() for the same socket.",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44946",
    "datePublished": "2024-08-31T13:22:47.250Z",
    "dateReserved": "2024-08-21T05:34:56.665Z",
    "dateUpdated": "2024-12-19T09:18:40.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:18:09.033910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:18:29.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef0a0e616b2789bb804a0ce5e161db03170a85b6",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "a57b0ebabe6862dce0a2e0f13e17941ad72fc56b",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "0f0654318e25b2c185e245ba4a591e42fabb5e59",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "365ef7c4277fdd781a695c3553fa157d622d805d",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "5ad898ae82412f8a689d59829804bff2999dd0ea",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "6b99de301d78e1f5249e57ef2c32e1dec3df2bb1",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "8fb9d412ebe2f245f13481e4624b40e651570cbd",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            },
            {
              "lessThan": "af8e119f52e9c13e556be9e03f27957554a84656",
              "status": "affected",
              "version": "651aaf36a7d7b36a58980e70133f9437d4f6d312",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.321",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.283",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.225",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Fix Panther point NULL pointer deref at full-speed re-enumeration\n\nre-enumerating full-speed devices after a failed address device command\ncan trigger a NULL pointer dereference.\n\nFull-speed devices may need to reconfigure the endpoint 0 Max Packet Size\nvalue during enumeration. Usb core calls usb_ep0_reinit() in this case,\nwhich ends up calling xhci_configure_endpoint().\n\nOn Panther point xHC the xhci_configure_endpoint() function will\nadditionally check and reserve bandwidth in software. Other hosts do\nthis in hardware\n\nIf xHC address device command fails then a new xhci_virt_device structure\nis allocated as part of re-enabling the slot, but the bandwidth table\npointers are not set up properly here.\nThis triggers the NULL pointer dereference the next time usb_ep0_reinit()\nis called and xhci_configure_endpoint() tries to check and reserve\nbandwidth\n\n[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd\n[46710.713699] usb 3-1: Device not responding to setup address.\n[46710.917684] usb 3-1: Device not responding to setup address.\n[46711.125536] usb 3-1: device not accepting address 5, error -71\n[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008\n[46711.125600] #PF: supervisor read access in kernel mode\n[46711.125603] #PF: error_code(0x0000) - not-present page\n[46711.125606] PGD 0 P4D 0\n[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1\n[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.\n[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]\n[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c\n\nFix this by making sure bandwidth table pointers are set up correctly\nafter a failed address device command, and additionally by avoiding\nchecking for bandwidth in cases like this where no actual endpoints are\nadded or removed, i.e. only context for default control endpoint 0 is\nevaluated."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:20:05.956Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef0a0e616b2789bb804a0ce5e161db03170a85b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/a57b0ebabe6862dce0a2e0f13e17941ad72fc56b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f0654318e25b2c185e245ba4a591e42fabb5e59"
        },
        {
          "url": "https://git.kernel.org/stable/c/365ef7c4277fdd781a695c3553fa157d622d805d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ad898ae82412f8a689d59829804bff2999dd0ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b99de301d78e1f5249e57ef2c32e1dec3df2bb1"
        },
        {
          "url": "https://git.kernel.org/stable/c/8fb9d412ebe2f245f13481e4624b40e651570cbd"
        },
        {
          "url": "https://git.kernel.org/stable/c/af8e119f52e9c13e556be9e03f27957554a84656"
        }
      ],
      "title": "xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-45006",
    "datePublished": "2024-09-04T19:54:48.353Z",
    "dateReserved": "2024-08-21T05:34:56.679Z",
    "dateUpdated": "2024-12-19T09:20:05.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:19:45.873859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:14.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_gt_pagefault.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            },
            {
              "lessThan": "a6f78359ac75f24cac3c1bdd753c49c1877bcd82",
              "status": "affected",
              "version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/xe/xe_gt_pagefault.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix missing workqueue destroy in xe_gt_pagefault\n\nOn driver reload we never free up the memory for the pagefault and\naccess counter workqueues. Add those destroy calls here.\n\n(cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:32.316Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b09ef3b762a7fc641fb2f89afd3ebdb65b8ba1b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6f78359ac75f24cac3c1bdd753c49c1877bcd82"
        }
      ],
      "title": "drm/xe: Fix missing workqueue destroy in xe_gt_pagefault",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44979",
    "datePublished": "2024-09-04T19:54:30.205Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:32.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:23:17.083682Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:03.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5ab8793b9a6cc059f503cbe6fe596f80765e0f19",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "50553ea7cbd3344fbf40afb065f6a2d38171c1ad",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e562415248f402203e7fb6d8c38c1b32fa99220f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c99769bceab4ecb6a067b9af11f9db281eea3e2a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Validate TA binary size\n\nAdd TA binary size validation to avoid OOB write.\n\n(cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:29.958Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19"
        },
        {
          "url": "https://git.kernel.org/stable/c/50553ea7cbd3344fbf40afb065f6a2d38171c1ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/e562415248f402203e7fb6d8c38c1b32fa99220f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c99769bceab4ecb6a067b9af11f9db281eea3e2a"
        }
      ],
      "title": "drm/amdgpu: Validate TA binary size",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44977",
    "datePublished": "2024-09-04T19:54:28.932Z",
    "dateReserved": "2024-08-21T05:34:56.669Z",
    "dateUpdated": "2024-12-19T09:19:29.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_inet.c",
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c05155cc455785916164aa5e1b4605a2ae946537",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "d9384ae7aec46036d248d1c2c2757e471ab486c3",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "0279c35d242d037abeb73d60d06a6d1bb7f672d9",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "043a18bb6cf16adaa2f8642acfde6e8956a9caaa",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            },
            {
              "lessThan": "6ea14ccb60c8ab829349979b22b58a941ec4a3ee",
              "status": "affected",
              "version": "4cd91f7c290f64fe430867ddbae10bff34657b6a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_flow_table_inet.c",
            "net/netfilter/nf_flow_table_ip.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.166",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.107",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.48",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate vlan header\n\nEnsure there is sufficient room to access the protocol field of the\nVLAN header, validate it once before the flowtable lookup.\n\n=====================================================\nBUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]\n nf_ingress net/core/dev.c:5440 [inline]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:36.995Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c05155cc455785916164aa5e1b4605a2ae946537"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9384ae7aec46036d248d1c2c2757e471ab486c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/0279c35d242d037abeb73d60d06a6d1bb7f672d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/043a18bb6cf16adaa2f8642acfde6e8956a9caaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ea14ccb60c8ab829349979b22b58a941ec4a3ee"
        }
      ],
      "title": "netfilter: flowtable: validate vlan header",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44983",
    "datePublished": "2024-09-04T19:54:32.830Z",
    "dateReserved": "2024-08-21T05:34:56.670Z",
    "dateUpdated": "2024-12-19T09:19:36.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:39:17.730265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:33:34.757Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7b379353e9144e1f7460ff15f39862012c9d0d78",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "650e24748e1e0a7ff91d5c72b72a2f2a452b5b76",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "50d8009a0ac02c3311b23a0066511f8337bd88d9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fba8334721e266f92079632598e46e5f89082f30",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: SHAMPO, Fix invalid WQ linked list unlink\n\nWhen all the strides in a WQE have been consumed, the WQE is unlinked\nfrom the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible\nto receive CQEs with 0 consumed strides for the same WQE even after the\nWQE is fully consumed and unlinked. This triggers an additional unlink\nfor the same wqe which corrupts the linked list.\n\nFix this scenario by accepting 0 sized consumed strides without\nunlinking the WQE again."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:21.444Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78"
        },
        {
          "url": "https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76"
        },
        {
          "url": "https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30"
        }
      ],
      "title": "net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44970",
    "datePublished": "2024-09-04T18:56:46.807Z",
    "dateReserved": "2024-08-21T05:34:56.667Z",
    "dateUpdated": "2024-12-19T09:19:21.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-44994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T20:19:24.535460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T20:19:36.614Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/io-pgfault.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc6bc2ab1663ec9353636416af22452b078510e9",
              "status": "affected",
              "version": "3dfa64aecbafc288216b2790438d395add192c30",
              "versionType": "git"
            },
            {
              "lessThan": "fca5b78511e98bdff2cdd55c172b23200a7b3404",
              "status": "affected",
              "version": "3dfa64aecbafc288216b2790438d395add192c30",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/io-pgfault.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Restore lost return in iommu_report_device_fault()\n\nWhen iommu_report_device_fault gets called with a partial fault it is\nsupposed to collect the fault into the group and then return.\n\nInstead the return was accidently deleted which results in trying to\nprocess the fault and an eventual crash.\n\nDeleting the return was a typo, put it back."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:19:50.736Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc6bc2ab1663ec9353636416af22452b078510e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fca5b78511e98bdff2cdd55c172b23200a7b3404"
        }
      ],
      "title": "iommu: Restore lost return in iommu_report_device_fault()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-44994",
    "datePublished": "2024-09-04T19:54:40.214Z",
    "dateReserved": "2024-08-21T05:34:56.672Z",
    "dateUpdated": "2024-12-19T09:19:50.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}