Action not permitted
Modal body text goes here.
wid-sec-w-2024-2124
Vulnerability from csaf_certbund
Published
2024-09-11 22:00
Modified
2024-09-11 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder einen unspezifischen Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2124 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2124.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2124 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2124"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45009 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091104-CVE-2024-45009-24ea@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45010 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45010-33ee@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45011 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45011-e729@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45012 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45012-9234@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45013 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45013-8efe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45014 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45014-2925@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45015 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091107-CVE-2024-45015-c139@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45016 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45016-fd5a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45017 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45017-ee3e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45018 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45018-7e30@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45019 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45019-5f8b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45020 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091108-CVE-2024-45020-afcc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45021 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45021-68c4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45022 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45022-08f3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45023 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45023-d7f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45024 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45024-2de4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45025 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091109-CVE-2024-45025-94f6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45026 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45026-eaa8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45027 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45027-95b9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45028 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45028-34f7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45029 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45029-662e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-45030 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091110-CVE-2024-45030-c2eb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-46672 vom 2024-09-11",
"url": "https://lore.kernel.org/linux-cve-announce/2024091111-CVE-2024-46672-7542@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel Sammelmeldung vom 2024-09-11",
"url": "https://kernel.org"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-09-11T22:00:00.000+00:00",
"generator": {
"date": "2024-09-12T10:13:43.434+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2024-2124",
"initial_release_date": "2024-09-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T037551",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45009",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45009"
},
{
"cve": "CVE-2024-45010",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45010"
},
{
"cve": "CVE-2024-45011",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45011"
},
{
"cve": "CVE-2024-45012",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45012"
},
{
"cve": "CVE-2024-45013",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45013"
},
{
"cve": "CVE-2024-45014",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45014"
},
{
"cve": "CVE-2024-45015",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45015"
},
{
"cve": "CVE-2024-45016",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45016"
},
{
"cve": "CVE-2024-45017",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45017"
},
{
"cve": "CVE-2024-45018",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45018"
},
{
"cve": "CVE-2024-45019",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45019"
},
{
"cve": "CVE-2024-45020",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45020"
},
{
"cve": "CVE-2024-45021",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45021"
},
{
"cve": "CVE-2024-45022",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45022"
},
{
"cve": "CVE-2024-45023",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45023"
},
{
"cve": "CVE-2024-45024",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45024"
},
{
"cve": "CVE-2024-45025",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45025"
},
{
"cve": "CVE-2024-45026",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45026"
},
{
"cve": "CVE-2024-45027",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45027"
},
{
"cve": "CVE-2024-45028",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45028"
},
{
"cve": "CVE-2024-45029",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45029"
},
{
"cve": "CVE-2024-45030",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-45030"
},
{
"cve": "CVE-2024-46672",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler existieren in verschiedenen Komponenten und Subsystemen wie z.B. mm/hugetlb, md/raid1 oder dem netfilter. Sie werden durch mehrere sicherheitsrelevante Probleme wie eine NULL-Zeiger-Dereferenz, eine fehlende Pr\u00fcfung oder eine unsachgem\u00e4\u00dfe Eingabevalidierung und mehr verursacht. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T037551"
]
},
"release_date": "2024-09-11T22:00:00.000+00:00",
"title": "CVE-2024-46672"
}
]
}
cve-2024-45020
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
bpf: Fix a kernel verifier crash in stacksafe()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:14.999365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:48:29.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7cad3174cc79519bf5f6c4441780264416822c08",
"status": "affected",
"version": "ab470fefce2837e66b771c60858118d50bb5bb10",
"versionType": "git"
},
{
"lessThan": "6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b",
"status": "affected",
"version": "2793a8b015f7f1caadb9bce9c63dc659f7522676",
"versionType": "git"
},
{
"lessThan": "bed2eb964c70b780fb55925892a74f26cb590b25",
"status": "affected",
"version": "2793a8b015f7f1caadb9bce9c63dc659f7522676",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a kernel verifier crash in stacksafe()\n\nDaniel Hodges reported a kernel verifier crash when playing with sched-ext.\nFurther investigation shows that the crash is due to invalid memory access\nin stacksafe(). More specifically, it is the following code:\n\n if (exact != NOT_EXACT \u0026\u0026\n old-\u003estack[spi].slot_type[i % BPF_REG_SIZE] !=\n cur-\u003estack[spi].slot_type[i % BPF_REG_SIZE])\n return false;\n\nThe \u0027i\u0027 iterates old-\u003eallocated_stack.\nIf cur-\u003eallocated_stack \u003c old-\u003eallocated_stack the out-of-bound\naccess will happen.\n\nTo fix the issue add \u0027i \u003e= cur-\u003eallocated_stack\u0027 check such that if\nthe condition is true, stacksafe() should fail. Otherwise,\ncur-\u003estack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:22.226Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7cad3174cc79519bf5f6c4441780264416822c08"
},
{
"url": "https://git.kernel.org/stable/c/6e3987ac310c74bb4dd6a2fa8e46702fe505fb2b"
},
{
"url": "https://git.kernel.org/stable/c/bed2eb964c70b780fb55925892a74f26cb590b25"
}
],
"title": "bpf: Fix a kernel verifier crash in stacksafe()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45020",
"datePublished": "2024-09-11T15:13:54.591Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2024-12-19T09:20:22.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45022
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:43.491220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:57.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd1ffbb50ef4da5e1378a46616b6d7407dc795da",
"status": "affected",
"version": "fe5c2bdcb14c8612eb5e7a09159801c7219e9ac4",
"versionType": "git"
},
{
"lessThan": "de7bad86345c43cd040ed43e20d9fad78a3ee59f",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
},
{
"lessThan": "c91618816f4d21fc574d7577a37722adcd4075b2",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
},
{
"lessThan": "61ebe5a747da649057c37be1c37eb934b4af79ca",
"status": "affected",
"version": "e9c3cda4d86e56bf7fe403729f38c4f0f65d3860",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0\n\nThe __vmap_pages_range_noflush() assumes its argument pages** contains\npages with the same page shift. However, since commit e9c3cda4d86e (\"mm,\nvmalloc: fix high order __GFP_NOFAIL allocations\"), if gfp_flags includes\n__GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation\nfailed for high order, the pages** may contain two different page shifts\n(high order and order-0). This could lead __vmap_pages_range_noflush() to\nperform incorrect mappings, potentially resulting in memory corruption.\n\nUsers might encounter this as follows (vmap_allow_huge = true, 2M is for\nPMD_SIZE):\n\nkvmalloc(2M, __GFP_NOFAIL|GFP_X)\n __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP)\n vm_area_alloc_pages(order=9) ---\u003e order-9 allocation failed and fallback to order-0\n vmap_pages_range()\n vmap_pages_range_noflush()\n __vmap_pages_range_noflush(page_shift = 21) ----\u003e wrong mapping happens\n\nWe can remove the fallback code because if a high-order allocation fails,\n__vmalloc_node_range_noprof() will retry with order-0. Therefore, it is\nunnecessary to fallback to order-0 here. Therefore, fix this by removing\nthe fallback code."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:24.514Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd1ffbb50ef4da5e1378a46616b6d7407dc795da"
},
{
"url": "https://git.kernel.org/stable/c/de7bad86345c43cd040ed43e20d9fad78a3ee59f"
},
{
"url": "https://git.kernel.org/stable/c/c91618816f4d21fc574d7577a37722adcd4075b2"
},
{
"url": "https://git.kernel.org/stable/c/61ebe5a747da649057c37be1c37eb934b4af79ca"
}
],
"title": "mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45022",
"datePublished": "2024-09-11T15:13:55.837Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2024-12-19T09:20:24.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-46672
Vulnerability from cvelistv5
Published
2024-09-11 15:14
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:45:18.869945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:45:33.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4291f94f8c6b01505132c22ee27b59ed27c3584f",
"status": "affected",
"version": "a96202acaea47fa8377088e0952bb63bd02a3bab",
"versionType": "git"
},
{
"lessThan": "1f566eb912d192c83475a919331aea59619e1197",
"status": "affected",
"version": "a96202acaea47fa8377088e0952bb63bd02a3bab",
"versionType": "git"
},
{
"lessThan": "2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1",
"status": "affected",
"version": "a96202acaea47fa8377088e0952bb63bd02a3bab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion\n\nwpa_supplicant 2.11 sends since 1efdba5fdc2c (\"Handle PMKSA flush in the\ndriver for SAE/OWE offload cases\") SSID based PMKSA del commands.\nbrcmfmac is not prepared and tries to dereference the NULL bssid and\npmkid pointers in cfg80211_pmksa. PMKID_V3 operations support SSID based\nupdates so copy the SSID."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:40.257Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4291f94f8c6b01505132c22ee27b59ed27c3584f"
},
{
"url": "https://git.kernel.org/stable/c/1f566eb912d192c83475a919331aea59619e1197"
},
{
"url": "https://git.kernel.org/stable/c/2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1"
}
],
"title": "wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46672",
"datePublished": "2024-09-11T15:14:01.512Z",
"dateReserved": "2024-09-11T15:12:18.247Z",
"dateUpdated": "2024-12-19T09:20:40.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45010
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
mptcp: pm: only mark 'subflow' endp as available
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:56.116338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:51:10.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fdc870d08960961408a44c569f20f50940e7d4f",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "9849cfc67383ceb167155186f8f8fe8a896b60b3",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
},
{
"lessThan": "322ea3778965da72862cca2a0c50253aacf65fe6",
"status": "affected",
"version": "06faa22710342bca5e9c249634199c650799fce6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.108",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only mark \u0027subflow\u0027 endp as available\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.local_addr_used == 0)\n\n... before decrementing the local_addr_used counter helped to find a bug\nwhen running the \"remove single address\" subtest from the mptcp_join.sh\nselftests.\n\nRemoving a \u0027signal\u0027 endpoint will trigger the removal of all subflows\nlinked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with\nrm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used\ncounter, which is wrong in this case because this counter is linked to\n\u0027subflow\u0027 endpoints, and here it is a \u0027signal\u0027 endpoint that is being\nremoved.\n\nNow, the counter is decremented, only if the ID is being used outside\nof mptcp_pm_nl_rm_addr_or_subflow(), only for \u0027subflow\u0027 endpoints, and\nif the ID is not 0 -- local_addr_used is not taking into account these\nones. This marking of the ID as being available, and the decrement is\ndone no matter if a subflow using this ID is currently available,\nbecause the subflow could have been closed before."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:10.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fdc870d08960961408a44c569f20f50940e7d4f"
},
{
"url": "https://git.kernel.org/stable/c/43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d"
},
{
"url": "https://git.kernel.org/stable/c/9849cfc67383ceb167155186f8f8fe8a896b60b3"
},
{
"url": "https://git.kernel.org/stable/c/322ea3778965da72862cca2a0c50253aacf65fe6"
}
],
"title": "mptcp: pm: only mark \u0027subflow\u0027 endp as available",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45010",
"datePublished": "2024-09-11T15:13:48.358Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2024-12-19T09:20:10.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45030
Vulnerability from cvelistv5
Published
2024-09-11 15:14
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
igb: cope with large MAX_SKB_FRAGS
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:45:35.285052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:45:49.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ea80ff5d8298356d28077bc30913ed37df65109",
"status": "affected",
"version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71",
"versionType": "git"
},
{
"lessThan": "b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab",
"status": "affected",
"version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71",
"versionType": "git"
},
{
"lessThan": "8aba27c4a5020abdf60149239198297f88338a8d",
"status": "affected",
"version": "3948b05950fdd64002a5f182c65ba5cf2d53cf71",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/igb/igb_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: cope with large MAX_SKB_FRAGS\n\nSabrina reports that the igb driver does not cope well with large\nMAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload\ncorruption on TX.\n\nAn easy reproducer is to run ssh to connect to the machine. With\nMAX_SKB_FRAGS=17 it works, with MAX_SKB_FRAGS=45 it fails. This has\nbeen reported originally in\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2265320\n\nThe root cause of the issue is that the driver does not take into\naccount properly the (possibly large) shared info size when selecting\nthe ring layout, and will try to fit two packets inside the same 4K\npage even when the 1st fraglist will trump over the 2nd head.\n\nAddress the issue by checking if 2K buffers are insufficient."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:39.021Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ea80ff5d8298356d28077bc30913ed37df65109"
},
{
"url": "https://git.kernel.org/stable/c/b52bd8bcb9e8ff250c79b44f9af8b15cae8911ab"
},
{
"url": "https://git.kernel.org/stable/c/8aba27c4a5020abdf60149239198297f88338a8d"
}
],
"title": "igb: cope with large MAX_SKB_FRAGS",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45030",
"datePublished": "2024-09-11T15:14:00.886Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2024-12-19T09:20:39.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45019
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
net/mlx5e: Take state lock during tx timeout reporter
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:31.371644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:48:46.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "03d3734bd692affe4d0e9c9d638f491aaf37411b",
"status": "affected",
"version": "514232495aa523641febaa58b687fe6df1cd0b73",
"versionType": "git"
},
{
"lessThan": "b3b9a87adee97854bcd71057901d46943076267e",
"status": "affected",
"version": "8ce3d969348a7c7fa3469588eb1319f9f3cc0eaa",
"versionType": "git"
},
{
"lessThan": "8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809",
"status": "affected",
"version": "eab0da38912ebdad922ed0388209f7eb0a5163cd",
"versionType": "git"
},
{
"lessThan": "e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3",
"status": "affected",
"version": "eab0da38912ebdad922ed0388209f7eb0a5163cd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take state lock during tx timeout reporter\n\nmlx5e_safe_reopen_channels() requires the state lock taken. The\nreferenced changed in the Fixes tag removed the lock to fix another\nissue. This patch adds it back but at a later point (when calling\nmlx5e_safe_reopen_channels()) to avoid the deadlock referenced in the\nFixes tag."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:21.104Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03d3734bd692affe4d0e9c9d638f491aaf37411b"
},
{
"url": "https://git.kernel.org/stable/c/b3b9a87adee97854bcd71057901d46943076267e"
},
{
"url": "https://git.kernel.org/stable/c/8e57e66ecbdd2fddc9fbf3e984b1c523b70e9809"
},
{
"url": "https://git.kernel.org/stable/c/e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3"
}
],
"title": "net/mlx5e: Take state lock during tx timeout reporter",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45019",
"datePublished": "2024-09-11T15:13:53.933Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2024-12-19T09:20:21.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45021
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
memcg_write_event_control(): fix a user-triggerable oops
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:59.119087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:48:13.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/memcontrol-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa5bfdf6cb5846a00e712d630a43e3cf55ccb411",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "1b37ec85ad95b612307627758c6018cd9d92cca8",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "ad149f5585345e383baa65f1539d816cd715fd3b",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "0fbe2a72e853a1052abe9bc2b7df8ddb102da227",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "43768fa80fd192558737e24ed6548f74554611d7",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "f1aa7c509aa766080db7ab3aec2e31b1df09e57c",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "21b578f1d599edb87462f11113c5b0fc7a04ac61",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
},
{
"lessThan": "046667c4d3196938e992fba0dfcde570aa85cd0e",
"status": "affected",
"version": "0dea116876eefc9c7ca9c5d74fe665481e499fa3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/memcontrol-v1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg_write_event_control(): fix a user-triggerable oops\n\nwe are *not* guaranteed that anything past the terminating NUL\nis mapped (let alone initialized with anything sane)."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:23.365Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411"
},
{
"url": "https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8"
},
{
"url": "https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b"
},
{
"url": "https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227"
},
{
"url": "https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7"
},
{
"url": "https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c"
},
{
"url": "https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61"
},
{
"url": "https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e"
}
],
"title": "memcg_write_event_control(): fix a user-triggerable oops",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45021",
"datePublished": "2024-09-11T15:13:55.211Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2024-12-19T09:20:23.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45009
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
mptcp: pm: only decrement add_addr_accepted for MPJ req
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:51:12.192901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:51:26.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "35b31f5549ede4070566b949781e83495906b43d",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "85b866e4c4e63a1d7afb58f1e24273caad03d0b7",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "d20bf2c96d7ffd171299b32f562f70e5bf5dc608",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "2060f1efab370b496c4903b840844ecaff324c3c",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
},
{
"lessThan": "1c1f721375989579e46741f59523e39ec9b2a9bd",
"status": "affected",
"version": "d0876b2284cf8b34dd214b2d0aa21071c345da59",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/pm_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: pm: only decrement add_addr_accepted for MPJ req\n\nAdding the following warning ...\n\n WARN_ON_ONCE(msk-\u003epm.add_addr_accepted == 0)\n\n... before decrementing the add_addr_accepted counter helped to find a\nbug when running the \"remove single subflow\" subtest from the\nmptcp_join.sh selftest.\n\nRemoving a \u0027subflow\u0027 endpoint will first trigger a RM_ADDR, then the\nsubflow closure. Before this patch, and upon the reception of the\nRM_ADDR, the other peer will then try to decrement this\nadd_addr_accepted. That\u0027s not correct because the attached subflows have\nnot been created upon the reception of an ADD_ADDR.\n\nA way to solve that is to decrement the counter only if the attached\nsubflow was an MP_JOIN to a remote id that was not 0, and initiated by\nthe host receiving the RM_ADDR."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:09.331Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d"
},
{
"url": "https://git.kernel.org/stable/c/85b866e4c4e63a1d7afb58f1e24273caad03d0b7"
},
{
"url": "https://git.kernel.org/stable/c/d20bf2c96d7ffd171299b32f562f70e5bf5dc608"
},
{
"url": "https://git.kernel.org/stable/c/2060f1efab370b496c4903b840844ecaff324c3c"
},
{
"url": "https://git.kernel.org/stable/c/1c1f721375989579e46741f59523e39ec9b2a9bd"
}
],
"title": "mptcp: pm: only decrement add_addr_accepted for MPJ req",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45009",
"datePublished": "2024-09-11T15:13:47.719Z",
"dateReserved": "2024-08-21T05:34:56.679Z",
"dateUpdated": "2024-12-19T09:20:09.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45029
Vulnerability from cvelistv5
Published
2024-09-11 15:14
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
i2c: tegra: Do not mark ACPI devices as irq safe
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:45:50.827787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:46:06.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a89aef1e6cc43fa019a58080ed05c839e6c77876",
"status": "affected",
"version": "bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c",
"versionType": "git"
},
{
"lessThan": "6861faf4232e4b78878f2de1ed3ee324ddae2287",
"status": "affected",
"version": "bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c",
"versionType": "git"
},
{
"lessThan": "2853e1376d8161b04c9ff18ba82b43f08a049905",
"status": "affected",
"version": "bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c",
"versionType": "git"
},
{
"lessThan": "14d069d92951a3e150c0a81f2ca3b93e54da913b",
"status": "affected",
"version": "bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/i2c/busses/i2c-tegra.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: tegra: Do not mark ACPI devices as irq safe\n\nOn ACPI machines, the tegra i2c module encounters an issue due to a\nmutex being called inside a spinlock. This leads to the following bug:\n\n\tBUG: sleeping function called from invalid context at kernel/locking/mutex.c:585\n\t...\n\n\tCall trace:\n\t__might_sleep\n\t__mutex_lock_common\n\tmutex_lock_nested\n\tacpi_subsys_runtime_resume\n\trpm_resume\n\ttegra_i2c_xfer\n\nThe problem arises because during __pm_runtime_resume(), the spinlock\n\u0026dev-\u003epower.lock is acquired before rpm_resume() is called. Later,\nrpm_resume() invokes acpi_subsys_runtime_resume(), which relies on\nmutexes, triggering the error.\n\nTo address this issue, devices on ACPI are now marked as not IRQ-safe,\nconsidering the dependency of acpi_subsys_runtime_resume() on mutexes."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:37.725Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876"
},
{
"url": "https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287"
},
{
"url": "https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905"
},
{
"url": "https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b"
}
],
"title": "i2c: tegra: Do not mark ACPI devices as irq safe",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45029",
"datePublished": "2024-09-11T15:14:00.260Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2024-12-19T09:20:37.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45016
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
netem: fix return value if duplicate enqueue fails
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:19.675501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:33.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "52d99a69f3d556c6426048c9d481b912205919d8",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "0486d31dd8198e22b63a4730244b38fffce6d469",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "577d6c0619467fe90f7e8e57e45cb5bd9d936014",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "e5bb2988a310667abed66c7d3ffa28880cf0f883",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
},
{
"lessThan": "c07ff8592d57ed258afee5a5e04991a48dbaf382",
"status": "affected",
"version": "5845f706388a4cde0f6b80f9e5d33527e942b7d9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_netem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetem: fix return value if duplicate enqueue fails\n\nThere is a bug in netem_enqueue() introduced by\ncommit 5845f706388a (\"net: netem: fix skb length BUG_ON in __skb_to_sgvec\")\nthat can lead to a use-after-free.\n\nThis commit made netem_enqueue() always return NET_XMIT_SUCCESS\nwhen a packet is duplicated, which can cause the parent qdisc\u0027s q.qlen\nto be mistakenly incremented. When this happens qlen_notify() may be\nskipped on the parent during destruction, leaving a dangling pointer\nfor some classful qdiscs like DRR.\n\nThere are two ways for the bug happen:\n\n- If the duplicated packet is dropped by rootq-\u003eenqueue() and then\n the original packet is also dropped.\n- If rootq-\u003eenqueue() sends the duplicated packet to a different qdisc\n and the original packet is dropped.\n\nIn both cases NET_XMIT_SUCCESS is returned even though no packets\nare enqueued at the netem qdisc.\n\nThe fix is to defer the enqueue of the duplicate packet until after\nthe original packet has been guaranteed to return NET_XMIT_SUCCESS."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:17.726Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/759e3e8c4a6a6b4e52ebc4547123a457f0ce90d4"
},
{
"url": "https://git.kernel.org/stable/c/c414000da1c2ea1ba9a5e5bb1a4ba774e51e202d"
},
{
"url": "https://git.kernel.org/stable/c/52d99a69f3d556c6426048c9d481b912205919d8"
},
{
"url": "https://git.kernel.org/stable/c/0486d31dd8198e22b63a4730244b38fffce6d469"
},
{
"url": "https://git.kernel.org/stable/c/577d6c0619467fe90f7e8e57e45cb5bd9d936014"
},
{
"url": "https://git.kernel.org/stable/c/e5bb2988a310667abed66c7d3ffa28880cf0f883"
},
{
"url": "https://git.kernel.org/stable/c/c07ff8592d57ed258afee5a5e04991a48dbaf382"
}
],
"title": "netem: fix return value if duplicate enqueue fails",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45016",
"datePublished": "2024-09-11T15:13:52.053Z",
"dateReserved": "2024-08-21T05:34:56.682Z",
"dateUpdated": "2024-12-19T09:20:17.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45026
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
s390/dasd: fix error recovery leading to data corruption on ESE devices
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:39.841573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:46:54.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c",
"drivers/s390/block/dasd_3990_erp.c",
"drivers/s390/block/dasd_eckd.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "19f60a55b2fda49bc4f6134a5f6356ef62ee69d8",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "e245a18281c252c8dbc467492e09bb5d4b012118",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "0a228896a1b3654cd461ff654f6a64e97a9c3246",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "93a7e2856951680cd7fe6ebd705ac10c8a8a5efd",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "5d4a304338daf83ace2887aaacafd66fe99ed5cc",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
},
{
"lessThan": "7db4042336580dfd75cb5faa82c12cd51098c90b",
"status": "affected",
"version": "5e2b17e712cf10cc3cc98fde28a88e8f1a1267e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/block/dasd.c",
"drivers/s390/block/dasd_3990_erp.c",
"drivers/s390/block/dasd_eckd.c",
"drivers/s390/block/dasd_int.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix error recovery leading to data corruption on ESE devices\n\nExtent Space Efficient (ESE) or thin provisioned volumes need to be\nformatted on demand during usual IO processing.\n\nThe dasd_ese_needs_format function checks for error codes that signal\nthe non existence of a proper track format.\n\nThe check for incorrect length is to imprecise since other error cases\nleading to transport of insufficient data also have this flag set.\nThis might lead to data corruption in certain error cases for example\nduring a storage server warmstart.\n\nFix by removing the check for incorrect length and replacing by\nexplicitly checking for invalid track format in transport mode.\n\nAlso remove the check for file protected since this is not a valid\nESE handling case."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:29.190Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/19f60a55b2fda49bc4f6134a5f6356ef62ee69d8"
},
{
"url": "https://git.kernel.org/stable/c/e245a18281c252c8dbc467492e09bb5d4b012118"
},
{
"url": "https://git.kernel.org/stable/c/a665e3b7ac7d5cdc26e00e3d0fc8fd490e00316a"
},
{
"url": "https://git.kernel.org/stable/c/0a228896a1b3654cd461ff654f6a64e97a9c3246"
},
{
"url": "https://git.kernel.org/stable/c/93a7e2856951680cd7fe6ebd705ac10c8a8a5efd"
},
{
"url": "https://git.kernel.org/stable/c/5d4a304338daf83ace2887aaacafd66fe99ed5cc"
},
{
"url": "https://git.kernel.org/stable/c/7db4042336580dfd75cb5faa82c12cd51098c90b"
}
],
"title": "s390/dasd: fix error recovery leading to data corruption on ESE devices",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45026",
"datePublished": "2024-09-11T15:13:58.396Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2024-12-19T09:20:29.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45017
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
net/mlx5: Fix IPsec RoCE MPV trace call
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:03.483207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:18.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2ae52a65a850ded75a94e8d7ec1e09737f4c6509",
"status": "affected",
"version": "dfbd229abeee76a0bcf015e93c85dca8d18568d4",
"versionType": "git"
},
{
"lessThan": "607e1df7bd47fe91cab85a97f57870a26d066137",
"status": "affected",
"version": "dfbd229abeee76a0bcf015e93c85dca8d18568d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/lib/ipsec_fs_roce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix IPsec RoCE MPV trace call\n\nPrevent the call trace below from happening, by not allowing IPsec\ncreation over a slave, if master device doesn\u0027t support IPsec.\n\nWARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240 down_read+0x75/0x94\nModules linked in: esp4_offload esp4 act_mirred act_vlan cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa mst_pciconf(OE) nfsv3 nfs_acl nfs lockd grace fscache netfs xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill cuse fuse rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_ipoib iw_cm ib_cm ipmi_ssif intel_rapl_msr intel_rapl_common amd64_edac edac_mce_amd kvm_amd kvm irqbypass crct10dif_pclmul crc32_pclmul mlx5_ib ghash_clmulni_intel sha1_ssse3 dell_smbios ib_uverbs aesni_intel crypto_simd dcdbas wmi_bmof dell_wmi_descriptor cryptd pcspkr ib_core acpi_ipmi sp5100_tco ccp i2c_piix4 ipmi_si ptdma k10temp ipmi_devintf ipmi_msghandler acpi_power_meter acpi_cpufreq ext4 mbcache jbd2 sd_mod t10_pi sg mgag200 drm_kms_helper syscopyarea sysfillrect mlx5_core sysimgblt fb_sys_fops cec\n ahci libahci mlxfw drm pci_hyperv_intf libata tg3 sha256_ssse3 tls megaraid_sas i2c_algo_bit psample wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: mst_pci]\nCPU: 44 PID: 16136 Comm: kworker/44:3 Kdump: loaded Tainted: GOE 5.15.0-20240509.el8uek.uek7_u3_update_v6.6_ipsec_bf.x86_64 #2\nHardware name: Dell Inc. PowerEdge R7525/074H08, BIOS 2.0.3 01/15/2021\nWorkqueue: events xfrm_state_gc_task\nRIP: 0010:down_read+0x75/0x94\nCode: 00 48 8b 45 08 65 48 8b 14 25 80 fc 01 00 83 e0 02 48 09 d0 48 83 c8 01 48 89 45 08 5d 31 c0 89 c2 89 c6 89 c7 e9 cb 88 3b 00 \u003c0f\u003e 0b 48 8b 45 08 a8 01 74 b2 a8 02 75 ae 48 89 c2 48 83 ca 02 f0\nRSP: 0018:ffffb26387773da8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffa08b658af900 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ff886bc5e1366f2f RDI: 0000000000000000\nRBP: ffffa08b658af940 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffa0a9bfb31540\nR13: ffffa0a9bfb37900 R14: 0000000000000000 R15: ffffa0a9bfb37905\nFS: 0000000000000000(0000) GS:ffffa0a9bfb00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055a45ed814e8 CR3: 000000109038a000 CR4: 0000000000350ee0\nCall Trace:\n \u003cTASK\u003e\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? show_trace_log_lvl+0x1d6/0x2f9\n ? mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n ? down_read+0x75/0x94\n ? __warn+0x80/0x113\n ? down_read+0x75/0x94\n ? report_bug+0xa4/0x11d\n ? handle_bug+0x35/0x8b\n ? exc_invalid_op+0x14/0x75\n ? asm_exc_invalid_op+0x16/0x1b\n ? down_read+0x75/0x94\n ? down_read+0xe/0x94\n mlx5_devcom_for_each_peer_begin+0x29/0x60 [mlx5_core]\n mlx5_ipsec_fs_roce_tx_destroy+0xb1/0x130 [mlx5_core]\n tx_destroy+0x1b/0xc0 [mlx5_core]\n tx_ft_put+0x53/0xc0 [mlx5_core]\n mlx5e_xfrm_free_state+0x45/0x90 [mlx5_core]\n ___xfrm_state_destroy+0x10f/0x1a2\n xfrm_state_gc_task+0x81/0xa9\n process_one_work+0x1f1/0x3c6\n worker_thread+0x53/0x3e4\n ? process_one_work.cold+0x46/0x3c\n kthread+0x127/0x144\n ? set_kthread_struct+0x60/0x52\n ret_from_fork+0x22/0x2d\n \u003c/TASK\u003e\n---[ end trace 5ef7896144d398e1 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:18.865Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ae52a65a850ded75a94e8d7ec1e09737f4c6509"
},
{
"url": "https://git.kernel.org/stable/c/607e1df7bd47fe91cab85a97f57870a26d066137"
}
],
"title": "net/mlx5: Fix IPsec RoCE MPV trace call",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45017",
"datePublished": "2024-09-11T15:13:52.675Z",
"dateReserved": "2024-08-21T05:34:56.682Z",
"dateUpdated": "2024-12-19T09:20:18.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45013
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
nvme: move stopping keep-alive into nvme_uninit_ctrl()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:07.552201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:50:22.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4101af98ab573554c4225e328d506fec2a74bc54",
"status": "affected",
"version": "3af755a46881c32fecaecfdeaf3a8f0a869deca5",
"versionType": "git"
},
{
"lessThan": "a54a93d0e3599b05856971734e15418ac551a14c",
"status": "affected",
"version": "3af755a46881c32fecaecfdeaf3a8f0a869deca5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: move stopping keep-alive into nvme_uninit_ctrl()\n\nCommit 4733b65d82bd (\"nvme: start keep-alive after admin queue setup\")\nmoves starting keep-alive from nvme_start_ctrl() into\nnvme_init_ctrl_finish(), but don\u0027t move stopping keep-alive into\nnvme_uninit_ctrl(), so keep-alive work can be started and keep pending\nafter failing to start controller, finally use-after-free is triggered if\nnvme host driver is unloaded.\n\nThis patch fixes kernel panic when running nvme/004 in case that connection\nfailure is triggered, by moving stopping keep-alive into nvme_uninit_ctrl().\n\nThis way is reasonable because keep-alive is now started in\nnvme_init_ctrl_finish()."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:14.017Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4101af98ab573554c4225e328d506fec2a74bc54"
},
{
"url": "https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c"
}
],
"title": "nvme: move stopping keep-alive into nvme_uninit_ctrl()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45013",
"datePublished": "2024-09-11T15:13:50.210Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2024-12-19T09:20:14.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45012
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
nouveau/firmware: use dma non-coherent allocator
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45012",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:23.967178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:50:38.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c",
"drivers/gpu/drm/nouveau/nvkm/falcon/fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc29c5546c6a373648363ac49781f1d74b530707",
"status": "affected",
"version": "2541626cfb794e57ba0575a6920826f591f7ced0",
"versionType": "git"
},
{
"lessThan": "57ca481fca97ca4553e8c85d6a94baf4cb40c40e",
"status": "affected",
"version": "2541626cfb794e57ba0575a6920826f591f7ced0",
"versionType": "git"
},
{
"lessThan": "9b340aeb26d50e9a9ec99599e2a39b035fac978e",
"status": "affected",
"version": "2541626cfb794e57ba0575a6920826f591f7ced0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c",
"drivers/gpu/drm/nouveau/nvkm/falcon/fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.2"
},
{
"lessThan": "6.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/firmware: use dma non-coherent allocator\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup, when the iommu is enabled:\n\nkernel BUG at include/linux/scatterlist.h:187!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\nHardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\nRIP: 0010:sg_init_one+0x85/0xa0\nCode: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 \u003c0f\u003e 0b 0f 0b\n0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\nRSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\nRDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\nRBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\nR13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\nFS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\nCall Trace:\n \u003cTASK\u003e\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n\nFix this by using the non-coherent allocator instead, I think there\nmight be a better answer to this, but it involve ripping up some of\nAPIs using sg lists."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:12.877Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc29c5546c6a373648363ac49781f1d74b530707"
},
{
"url": "https://git.kernel.org/stable/c/57ca481fca97ca4553e8c85d6a94baf4cb40c40e"
},
{
"url": "https://git.kernel.org/stable/c/9b340aeb26d50e9a9ec99599e2a39b035fac978e"
}
],
"title": "nouveau/firmware: use dma non-coherent allocator",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45012",
"datePublished": "2024-09-11T15:13:49.605Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2024-12-19T09:20:12.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45023
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2025-04-09 14:51
Severity ?
EPSS score ?
Summary
md/raid1: Fix data corruption for degraded array with slow disk
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:27.863341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:42.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2febf5fdbf5d9a52ddc3e986971c8609b1582d67",
"status": "affected",
"version": "dfa8ecd167c1753d4fc24a517e1d79c603183c94",
"versionType": "git"
},
{
"lessThan": "c916ca35308d3187c9928664f9be249b22a3a701",
"status": "affected",
"version": "dfa8ecd167c1753d4fc24a517e1d79c603183c94",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: Fix data corruption for degraded array with slow disk\n\nread_balance() will avoid reading from slow disks as much as possible,\nhowever, if valid data only lands in slow disks, and a new normal disk\nis still in recovery, unrecovered data can be read:\n\nraid1_read_request\n read_balance\n raid1_should_read_first\n -\u003e return false\n choose_best_rdev\n -\u003e normal disk is not recovered, return -1\n choose_bb_rdev\n -\u003e missing the checking of recovery, return the normal disk\n -\u003e read unrecovered data\n\nRoot cause is that the checking of recovery is missing in\nchoose_bb_rdev(). Hence add such checking to fix the problem.\n\nAlso fix similar problem in choose_slow_rdev()."
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T14:51:45.814Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2febf5fdbf5d9a52ddc3e986971c8609b1582d67"
},
{
"url": "https://git.kernel.org/stable/c/c916ca35308d3187c9928664f9be249b22a3a701"
}
],
"title": "md/raid1: Fix data corruption for degraded array with slow disk",
"x_generator": {
"engine": "bippy-7c5fe7eed585"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45023",
"datePublished": "2024-09-11T15:13:56.451Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2025-04-09T14:51:45.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45028
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
mmc: mmc_test: Fix NULL dereference on allocation failure
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:08.195829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:46:22.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/mmc_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e97be13a9f51284da450dd2a592e3fa87b49cdc9",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "2b507b03991f44dfb202fc2a82c9874d1b1f0c06",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "9b9ba386d7bfdbc38445932c90fa9444c0524bea",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "e40515582141a9e7c84b269be699c05236a499a6",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "3b4e76ceae5b5a46c968bd952f551ce173809f63",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "cac2815f49d343b2f0acc4973d2c14918ac3ab0c",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "ecb15b8ca12c0cbdab81e307e9795214d8b90890",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
},
{
"lessThan": "a1e627af32ed60713941cbfc8075d44cad07f6dd",
"status": "affected",
"version": "2661081f5ab9cb25359d27f88707a018cf4e68e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/core/mmc_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmc_test: Fix NULL dereference on allocation failure\n\nIf the \"test-\u003ehighmem = alloc_pages()\" allocation fails then calling\n__free_pages(test-\u003ehighmem) will result in a NULL dereference. Also\nchange the error code to -ENOMEM instead of returning success."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:36.547Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e97be13a9f51284da450dd2a592e3fa87b49cdc9"
},
{
"url": "https://git.kernel.org/stable/c/2b507b03991f44dfb202fc2a82c9874d1b1f0c06"
},
{
"url": "https://git.kernel.org/stable/c/9b9ba386d7bfdbc38445932c90fa9444c0524bea"
},
{
"url": "https://git.kernel.org/stable/c/e40515582141a9e7c84b269be699c05236a499a6"
},
{
"url": "https://git.kernel.org/stable/c/3b4e76ceae5b5a46c968bd952f551ce173809f63"
},
{
"url": "https://git.kernel.org/stable/c/cac2815f49d343b2f0acc4973d2c14918ac3ab0c"
},
{
"url": "https://git.kernel.org/stable/c/ecb15b8ca12c0cbdab81e307e9795214d8b90890"
},
{
"url": "https://git.kernel.org/stable/c/a1e627af32ed60713941cbfc8075d44cad07f6dd"
}
],
"title": "mmc: mmc_test: Fix NULL dereference on allocation failure",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45028",
"datePublished": "2024-09-11T15:13:59.649Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2024-12-19T09:20:36.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45025
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:55.387258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:10.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/file.c",
"include/linux/bitmap.h",
"tools/testing/selftests/core/close_range_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ee501f827f3db02d4e599afbbc1a7f8b792d05d7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e807487a1d5fd5d941f26578ae826ca815dbfcd6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "fe5bf14881701119aeeda7cf685f3c226c7380df",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5053581fe5dfb09b58c65dd8462bf5dea71f41ff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8cad3b2b3ab81ca55f37405ffd1315bcc2948058",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c69d18f0ac7060de724511537810f10f29a27958",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9a2fa1472083580b6c66bdaf291f591e1170123a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/file.c",
"include/linux/bitmap.h",
"tools/testing/selftests/core/close_range_test.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.321",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.283",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE\n\ncopy_fd_bitmaps(new, old, count) is expected to copy the first\ncount/BITS_PER_LONG bits from old-\u003efull_fds_bits[] and fill\nthe rest with zeroes. What it does is copying enough words\n(BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the rest.\nThat works fine, *if* all bits past the cutoff point are\nclear. Otherwise we are risking garbage from the last word\nwe\u0027d copied.\n\nFor most of the callers that is true - expand_fdtable() has\ncount equal to old-\u003emax_fds, so there\u0027s no open descriptors\npast count, let alone fully occupied words in -\u003eopen_fds[],\nwhich is what bits in -\u003efull_fds_bits[] correspond to.\n\nThe other caller (dup_fd()) passes sane_fdtable_size(old_fdt, max_fds),\nwhich is the smallest multiple of BITS_PER_LONG that covers all\nopened descriptors below max_fds. In the common case (copying on\nfork()) max_fds is ~0U, so all opened descriptors will be below\nit and we are fine, by the same reasons why the call in expand_fdtable()\nis safe.\n\nUnfortunately, there is a case where max_fds is less than that\nand where we might, indeed, end up with junk in -\u003efull_fds_bits[] -\nclose_range(from, to, CLOSE_RANGE_UNSHARE) with\n\t* descriptor table being currently shared\n\t* \u0027to\u0027 being above the current capacity of descriptor table\n\t* \u0027from\u0027 being just under some chunk of opened descriptors.\nIn that case we end up with observably wrong behaviour - e.g. spawn\na child with CLONE_FILES, get all descriptors in range 0..127 open,\nthen close_range(64, ~0U, CLOSE_RANGE_UNSHARE) and watch dup(0) ending\nup with descriptor #128, despite #64 being observably not open.\n\nThe minimally invasive fix would be to deal with that in dup_fd().\nIf this proves to add measurable overhead, we can go that way, but\nlet\u0027s try to fix copy_fd_bitmaps() first.\n\n* new helper: bitmap_copy_and_expand(to, from, bits_to_copy, size).\n* make copy_fd_bitmaps() take the bitmap size in words, rather than\nbits; it\u0027s \u0027count\u0027 argument is always a multiple of BITS_PER_LONG,\nso we are not losing any information, and that way we can use the\nsame helper for all three bitmaps - compiler will see that count\nis a multiple of BITS_PER_LONG for the large ones, so it\u0027ll generate\nplain memcpy()+memset().\n\nReproducer added to tools/testing/selftests/core/close_range_test.c"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:27.970Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ee501f827f3db02d4e599afbbc1a7f8b792d05d7"
},
{
"url": "https://git.kernel.org/stable/c/e807487a1d5fd5d941f26578ae826ca815dbfcd6"
},
{
"url": "https://git.kernel.org/stable/c/fe5bf14881701119aeeda7cf685f3c226c7380df"
},
{
"url": "https://git.kernel.org/stable/c/5053581fe5dfb09b58c65dd8462bf5dea71f41ff"
},
{
"url": "https://git.kernel.org/stable/c/8cad3b2b3ab81ca55f37405ffd1315bcc2948058"
},
{
"url": "https://git.kernel.org/stable/c/dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a"
},
{
"url": "https://git.kernel.org/stable/c/c69d18f0ac7060de724511537810f10f29a27958"
},
{
"url": "https://git.kernel.org/stable/c/9a2fa1472083580b6c66bdaf291f591e1170123a"
}
],
"title": "fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45025",
"datePublished": "2024-09-11T15:13:57.732Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2024-12-19T09:20:27.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45018
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
netfilter: flowtable: initialise extack before use
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:48.250822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:02.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5ceff2196dc633c995afb080f6f44a72cff6e1d",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "356beb911b63a8cff34cb57f755c2a2d2ee9dec7",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "7eafeec6be68ebd6140a830ce9ae68ad5b67ec78",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "c7b760499f7791352b49b11667ed04b23d7f5b0f",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "119be227bc04f5035efa64cb823b8a5ca5e2d1c1",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "e9767137308daf906496613fd879808a07f006a2",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:19.988Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d"
},
{
"url": "https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7"
},
{
"url": "https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78"
},
{
"url": "https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f"
},
{
"url": "https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1"
},
{
"url": "https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2"
}
],
"title": "netfilter: flowtable: initialise extack before use",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45018",
"datePublished": "2024-09-11T15:13:53.297Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2024-12-19T09:20:19.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45027
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:46:24.531317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:46:38.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-mem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "770cacc75b0091ece17349195d72133912c1ca7c",
"status": "affected",
"version": "c99b38c412343053e9af187e595793c8805bb9b8",
"versionType": "git"
},
{
"lessThan": "dcdb52d948f3a17ccd3fce757d9bd981d7c32039",
"status": "affected",
"version": "c99b38c412343053e9af187e595793c8805bb9b8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/host/xhci-mem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Check for xhci-\u003einterrupters being allocated in xhci_mem_clearup()\n\nIf xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop\nup the damage. If it fails early enough, before xhci-\u003einterrupters\nis allocated but after xhci-\u003emax_interrupters has been set, which\nhappens in most (all?) cases, things get uglier, as xhci_mem_cleanup()\nunconditionally derefences xhci-\u003einterrupters. With prejudice.\n\nGate the interrupt freeing loop with a check on xhci-\u003einterrupters\nbeing non-NULL.\n\nFound while debugging a DMA allocation issue that led the XHCI driver\non this exact path."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:30.349Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/770cacc75b0091ece17349195d72133912c1ca7c"
},
{
"url": "https://git.kernel.org/stable/c/dcdb52d948f3a17ccd3fce757d9bd981d7c32039"
}
],
"title": "usb: xhci: Check for xhci-\u003einterrupters being allocated in xhci_mem_clearup()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45027",
"datePublished": "2024-09-11T15:13:59.032Z",
"dateReserved": "2024-08-21T05:34:56.685Z",
"dateUpdated": "2024-12-19T09:20:30.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45014
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
s390/boot: Avoid possible physmem_info segment corruption
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:51.407403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:50:06.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/s390/boot/startup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a944cba5d57687b747023c3bc074fcf9c790f7df",
"status": "affected",
"version": "693d41f7c938f92d881e6a51525e6c132a186afd",
"versionType": "git"
},
{
"lessThan": "d7fd2941ae9a67423d1c7bee985f240e4686634f",
"status": "affected",
"version": "693d41f7c938f92d881e6a51525e6c132a186afd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/s390/boot/startup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/boot: Avoid possible physmem_info segment corruption\n\nWhen physical memory for the kernel image is allocated it does not\nconsider extra memory required for offsetting the image start to\nmatch it with the lower 20 bits of KASLR virtual base address. That\nmight lead to kernel access beyond its memory range."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:15.397Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a944cba5d57687b747023c3bc074fcf9c790f7df"
},
{
"url": "https://git.kernel.org/stable/c/d7fd2941ae9a67423d1c7bee985f240e4686634f"
}
],
"title": "s390/boot: Avoid possible physmem_info segment corruption",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45014",
"datePublished": "2024-09-11T15:13:50.838Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2024-12-19T09:20:15.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45011
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
char: xillybus: Check USB endpoints when probing device
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:50:39.730810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:50:54.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "25ee8b2908200fc862c0434e5ad483817d50ceda",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "4267131278f5cc98f8db31d035d64bdbbfe18658",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "5cff754692ad45d5086b75fef8cc3a99c30a1005",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "1371d32b95972d39c1e6e4bae8b6d0df1b573731",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
},
{
"lessThan": "2374bf7558de915edc6ec8cb10ec3291dfab9594",
"status": "affected",
"version": "a53d1202aef122894b6e46116a92174a9123db5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/char/xillybus/xillyusb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nchar: xillybus: Check USB endpoints when probing device\n\nEnsure, as the driver probes the device, that all endpoints that the\ndriver may attempt to access exist and are of the correct type.\n\nAll XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at\naddress 1. This is verified in xillyusb_setup_base_eps().\n\nOn top of that, a XillyUSB device may have additional Bulk OUT\nendpoints. The information about these endpoints\u0027 addresses is deduced\nfrom a data structure (the IDT) that the driver fetches from the device\nwhile probing it. These endpoints are checked in setup_channels().\n\nA XillyUSB device never has more than one IN endpoint, as all data\ntowards the host is multiplexed in this single Bulk IN endpoint. This is\nwhy setup_channels() only checks OUT endpoints."
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:11.735Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25ee8b2908200fc862c0434e5ad483817d50ceda"
},
{
"url": "https://git.kernel.org/stable/c/4267131278f5cc98f8db31d035d64bdbbfe18658"
},
{
"url": "https://git.kernel.org/stable/c/5cff754692ad45d5086b75fef8cc3a99c30a1005"
},
{
"url": "https://git.kernel.org/stable/c/1371d32b95972d39c1e6e4bae8b6d0df1b573731"
},
{
"url": "https://git.kernel.org/stable/c/2374bf7558de915edc6ec8cb10ec3291dfab9594"
}
],
"title": "char: xillybus: Check USB endpoints when probing device",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45011",
"datePublished": "2024-09-11T15:13:48.969Z",
"dateReserved": "2024-08-21T05:34:56.681Z",
"dateUpdated": "2024-12-19T09:20:11.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45024
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
mm/hugetlb: fix hugetlb vs. core-mm PT locking
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:47:11.835460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:47:26.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/hugetlb.h",
"include/linux/mm.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7300dadba49e531af2d890ae4e34c9b115384a62",
"status": "affected",
"version": "9cb28da54643ad464c47585cd5866c30b0218e67",
"versionType": "git"
},
{
"lessThan": "5f75cfbd6bb02295ddaed48adf667b6c828ce07b",
"status": "affected",
"version": "9cb28da54643ad464c47585cd5866c30b0218e67",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/hugetlb.h",
"include/linux/mm.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix hugetlb vs. core-mm PT locking\n\nWe recently made GUP\u0027s common page table walking code to also walk hugetlb\nVMAs without most hugetlb special-casing, preparing for the future of\nhaving less hugetlb-specific page table walking code in the codebase. \nTurns out that we missed one page table locking detail: page table locking\nfor hugetlb folios that are not mapped using a single PMD/PUD.\n\nAssume we have hugetlb folio that spans multiple PTEs (e.g., 64 KiB\nhugetlb folios on arm64 with 4 KiB base page size). GUP, as it walks the\npage tables, will perform a pte_offset_map_lock() to grab the PTE table\nlock.\n\nHowever, hugetlb that concurrently modifies these page tables would\nactually grab the mm-\u003epage_table_lock: with USE_SPLIT_PTE_PTLOCKS, the\nlocks would differ. Something similar can happen right now with hugetlb\nfolios that span multiple PMDs when USE_SPLIT_PMD_PTLOCKS.\n\nThis issue can be reproduced [1], for example triggering:\n\n[ 3105.936100] ------------[ cut here ]------------\n[ 3105.939323] WARNING: CPU: 31 PID: 2732 at mm/gup.c:142 try_grab_folio+0x11c/0x188\n[ 3105.944634] Modules linked in: [...]\n[ 3105.974841] CPU: 31 PID: 2732 Comm: reproducer Not tainted 6.10.0-64.eln141.aarch64 #1\n[ 3105.980406] Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-4.fc40 05/24/2024\n[ 3105.986185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 3105.991108] pc : try_grab_folio+0x11c/0x188\n[ 3105.994013] lr : follow_page_pte+0xd8/0x430\n[ 3105.996986] sp : ffff80008eafb8f0\n[ 3105.999346] x29: ffff80008eafb900 x28: ffffffe8d481f380 x27: 00f80001207cff43\n[ 3106.004414] x26: 0000000000000001 x25: 0000000000000000 x24: ffff80008eafba48\n[ 3106.009520] x23: 0000ffff9372f000 x22: ffff7a54459e2000 x21: ffff7a546c1aa978\n[ 3106.014529] x20: ffffffe8d481f3c0 x19: 0000000000610041 x18: 0000000000000001\n[ 3106.019506] x17: 0000000000000001 x16: ffffffffffffffff x15: 0000000000000000\n[ 3106.024494] x14: ffffb85477fdfe08 x13: 0000ffff9372ffff x12: 0000000000000000\n[ 3106.029469] x11: 1fffef4a88a96be1 x10: ffff7a54454b5f0c x9 : ffffb854771b12f0\n[ 3106.034324] x8 : 0008000000000000 x7 : ffff7a546c1aa980 x6 : 0008000000000080\n[ 3106.038902] x5 : 00000000001207cf x4 : 0000ffff9372f000 x3 : ffffffe8d481f000\n[ 3106.043420] x2 : 0000000000610041 x1 : 0000000000000001 x0 : 0000000000000000\n[ 3106.047957] Call trace:\n[ 3106.049522] try_grab_folio+0x11c/0x188\n[ 3106.051996] follow_pmd_mask.constprop.0.isra.0+0x150/0x2e0\n[ 3106.055527] follow_page_mask+0x1a0/0x2b8\n[ 3106.058118] __get_user_pages+0xf0/0x348\n[ 3106.060647] faultin_page_range+0xb0/0x360\n[ 3106.063651] do_madvise+0x340/0x598\n\nLet\u0027s make huge_pte_lockptr() effectively use the same PT locks as any\ncore-mm page table walker would. Add ptep_lockptr() to obtain the PTE\npage table lock using a pte pointer -- unfortunately we cannot convert\npte_lockptr() because virt_to_page() doesn\u0027t work with kmap\u0027ed page tables\nwe can have with CONFIG_HIGHPTE.\n\nHandle CONFIG_PGTABLE_LEVELS correctly by checking in reverse order, such\nthat when e.g., CONFIG_PGTABLE_LEVELS==2 with\nPGDIR_SIZE==P4D_SIZE==PUD_SIZE==PMD_SIZE will work as expected. Document\nwhy that works.\n\nThere is one ugly case: powerpc 8xx, whereby we have an 8 MiB hugetlb\nfolio being mapped using two PTE page tables. While hugetlb wants to take\nthe PMD table lock, core-mm would grab the PTE table lock of one of both\nPTE page tables. In such corner cases, we have to make sure that both\nlocks match, which is (fortunately!) currently guaranteed for 8xx as it\ndoes not support SMP and consequently doesn\u0027t use split PT locks.\n\n[1] https://lore.kernel.org/all/1bbfcc7f-f222-45a5-ac44-c5a1381c596d@redhat.com/"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:26.847Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7300dadba49e531af2d890ae4e34c9b115384a62"
},
{
"url": "https://git.kernel.org/stable/c/5f75cfbd6bb02295ddaed48adf667b6c828ce07b"
}
],
"title": "mm/hugetlb: fix hugetlb vs. core-mm PT locking",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45024",
"datePublished": "2024-09-11T15:13:57.076Z",
"dateReserved": "2024-08-21T05:34:56.684Z",
"dateUpdated": "2024-12-19T09:20:26.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45015
Vulnerability from cvelistv5
Published
2024-09-11 15:13
Modified
2024-12-19 09:20
Severity ?
EPSS score ?
Summary
drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:49:35.395153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:49.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3fb61718bcbe309279205d1cc275a6435611dc77",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "3bacf814b6a61cc683c68465f175ebd938f09c52",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
},
{
"lessThan": "aedf02e46eb549dac8db4821a6b9f0c6bf6e3990",
"status": "affected",
"version": "25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.19"
},
{
"lessThan": "4.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: move dpu_encoder\u0027s connector assignment to atomic_enable()\n\nFor cases where the crtc\u0027s connectors_changed was set without enable/active\ngetting toggled , there is an atomic_enable() call followed by an\natomic_disable() but without an atomic_mode_set().\n\nThis results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in\nthe atomic_enable() as the dpu_encoder\u0027s connector was cleared in the\natomic_disable() but not re-assigned as there was no atomic_mode_set() call.\n\nFix the NULL ptr access by moving the assignment for atomic_enable() and also\nuse drm_atomic_get_new_connector_for_encoder() to get the connector from\nthe atomic_state.\n\nPatchwork: https://patchwork.freedesktop.org/patch/606729/"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T09:20:16.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3fb61718bcbe309279205d1cc275a6435611dc77"
},
{
"url": "https://git.kernel.org/stable/c/3bacf814b6a61cc683c68465f175ebd938f09c52"
},
{
"url": "https://git.kernel.org/stable/c/aedf02e46eb549dac8db4821a6b9f0c6bf6e3990"
}
],
"title": "drm/msm/dpu: move dpu_encoder\u0027s connector assignment to atomic_enable()",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45015",
"datePublished": "2024-09-11T15:13:51.441Z",
"dateReserved": "2024-08-21T05:34:56.682Z",
"dateUpdated": "2024-12-19T09:20:16.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.