diff --git a/mapping.csv b/mapping.csv
index 2afa3902946..22d4979d800 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -261130,3 +261130,351 @@ vulnerability,CVE-2024-56519,vulnerability--b19051b3-5494-4fc8-ad1a-c8c7c3a03274 vulnerability,CVE-2024-56521,vulnerability--4fb1ec21-0db7-470e-bdd5-1b1013d2f5fd vulnerability,CVE-2024-56522,vulnerability--85bcd03d-c143-41c0-beca-ac8e8d63f8db vulnerability,CVE-2024-56527,vulnerability--e638acda-9473-4563-8980-ac80f39f1db1 +vulnerability,CVE-2024-12238,vulnerability--873b8c57-f550-4b4a-9b83-5d8b00318103 +vulnerability,CVE-2024-12856,vulnerability--be165f02-f1c7-40c5-ac81-0bc32fdace64 +vulnerability,CVE-2024-12978,vulnerability--6c31b0bf-36e4-4423-9251-1186efa56359 +vulnerability,CVE-2024-12977,vulnerability--9e219eab-224e-46d1-ba60-8870bb240bc7 +vulnerability,CVE-2024-12981,vulnerability--1227ad00-de37-4fac-a48e-2bde887a30c8 +vulnerability,CVE-2024-12983,vulnerability--1eb761c9-9939-42fa-a2bc-00d869c4ed81 +vulnerability,CVE-2024-12979,vulnerability--1bccb5d2-4793-4acb-bf21-5f440a978f00 +vulnerability,CVE-2024-12982,vulnerability--c7b5b0e4-e076-4d78-86c8-5e91717bfd79 +vulnerability,CVE-2024-12980,vulnerability--26985443-1db3-4afb-a18e-01841d7b0636 +vulnerability,CVE-2024-12976,vulnerability--dab40c10-d5c9-4019-821f-45487119f544 +vulnerability,CVE-2024-9774,vulnerability--1cf7dce7-9e85-4237-a5a7-00b1d2f18551 +vulnerability,CVE-2024-11605,vulnerability--84c1946b-2b61-4eba-a37a-009a243feb60 +vulnerability,CVE-2024-11842,vulnerability--9e258485-0093-422a-bf89-7de4d83b037b +vulnerability,CVE-2024-11921,vulnerability--508429a9-5ec3-4f2e-b78f-744698fe8cf5 +vulnerability,CVE-2024-11645,vulnerability--78d02f7f-d6b0-4bd8-8eee-68ce2a3cc267 +vulnerability,CVE-2024-11644,vulnerability--3204b58d-1401-4718-9e7a-501ef8d3d014 +vulnerability,CVE-2024-3393,vulnerability--1cc20f60-114a-4d1e-be5d-37930cad5ec3 +vulnerability,CVE-2024-53184,vulnerability--7c140949-e686-47c7-ba1f-1615898cd258 +vulnerability,CVE-2024-53220,vulnerability--3cdf1aa7-4f64-48aa-ae98-b667b3887eb7 +vulnerability,CVE-2024-53217,vulnerability--b7bc00d5-6561-44c5-a06d-0d8d75a8e168 
+vulnerability,CVE-2024-53168,vulnerability--e5d487b9-d5b3-47a2-8e69-c3583b907ccd +vulnerability,CVE-2024-53227,vulnerability--9e9918b3-65c6-47ee-a376-ca86bda38456 +vulnerability,CVE-2024-53216,vulnerability--1804171d-d2e1-47af-b4f3-f05becc628c6 +vulnerability,CVE-2024-53202,vulnerability--35969143-9a30-46be-9b73-7e7f741038fb +vulnerability,CVE-2024-53183,vulnerability--d7b03194-92fa-4ec0-8cef-46691d7c6e8f +vulnerability,CVE-2024-53232,vulnerability--26098beb-144f-4bb9-9018-16d345252e58 +vulnerability,CVE-2024-53221,vulnerability--915dd204-ef39-4b74-bc84-954b8e0f6af1 +vulnerability,CVE-2024-53212,vulnerability--dabf74c6-4963-4dd3-bc3f-d7e722040a37 +vulnerability,CVE-2024-53185,vulnerability--4b1808ff-a3f8-4ab2-9d61-0130ccea6282 +vulnerability,CVE-2024-53190,vulnerability--f42a0529-db32-415f-a11b-d64b45eeded8 +vulnerability,CVE-2024-53170,vulnerability--a08eb277-1a57-474e-86a9-b715a0429cf8 +vulnerability,CVE-2024-53176,vulnerability--33d98a3a-b928-4022-869f-6a1aa4915b9a +vulnerability,CVE-2024-53175,vulnerability--c976512b-f37d-4d4b-8a87-23f0c8e12a74 +vulnerability,CVE-2024-53174,vulnerability--7377dbe0-6998-427d-83b7-e4806fdeff10 +vulnerability,CVE-2024-53235,vulnerability--249b6df6-922e-4804-94aa-795e87f598d0 +vulnerability,CVE-2024-53171,vulnerability--42e68b3f-74b8-411c-984a-fd6394c2d69f +vulnerability,CVE-2024-53204,vulnerability--01694d05-8394-4954-9581-1fd1e01e74db +vulnerability,CVE-2024-53195,vulnerability--81e4f762-e885-4bcb-a086-a6f321dd2e3b +vulnerability,CVE-2024-53236,vulnerability--45d9d5ba-9067-4106-8a42-aa99e56b3b17 +vulnerability,CVE-2024-53225,vulnerability--fdb29723-0a5c-4e1d-a365-655583036cbd +vulnerability,CVE-2024-53208,vulnerability--486461ef-9e41-4f55-a0f7-70c41e9eeef8 +vulnerability,CVE-2024-53234,vulnerability--b1fc5f84-9d76-438b-b014-a12679c1ff03 +vulnerability,CVE-2024-53194,vulnerability--1c1ef40e-e285-47e2-9f31-721cb5656cca +vulnerability,CVE-2024-53166,vulnerability--4c03e78b-92c8-4e80-880b-0d9e3c6d5f7b 
+vulnerability,CVE-2024-53224,vulnerability--1358f56a-da0f-4cfd-a045-9f1c29d73f73 +vulnerability,CVE-2024-53198,vulnerability--ce856f47-13ba-4119-8ea0-45cbe96e4456 +vulnerability,CVE-2024-53210,vulnerability--ec1aabef-08a0-4b97-ae5c-e772b7b84a86 +vulnerability,CVE-2024-53213,vulnerability--1d50a860-90ea-48f8-b63f-b1ae76354645 +vulnerability,CVE-2024-53188,vulnerability--8470db45-f3bd-4e4e-a07b-f13dbcedcd2f +vulnerability,CVE-2024-53214,vulnerability--e28e0342-4ba2-44fc-8139-471b4f53d1ff +vulnerability,CVE-2024-53205,vulnerability--c744b7d3-731f-494b-b651-e4b953c3989c +vulnerability,CVE-2024-53218,vulnerability--08843908-699b-4c4b-b211-f41355f3004f +vulnerability,CVE-2024-53200,vulnerability--c7662fb0-0043-488f-9418-49b93e8d36ab +vulnerability,CVE-2024-53206,vulnerability--28583d35-18f4-4e92-8a07-3fcdaf795419 +vulnerability,CVE-2024-53226,vulnerability--93a02567-f61f-4743-9000-68fbfc9f3433 +vulnerability,CVE-2024-53239,vulnerability--7b3a649a-b05e-4328-bce7-7ff5dc99a388 +vulnerability,CVE-2024-53192,vulnerability--26a3df5a-5515-4822-bd43-809cd8fc0c77 +vulnerability,CVE-2024-53209,vulnerability--8557ea95-2797-4952-9db7-c4182289ebf7 +vulnerability,CVE-2024-53228,vulnerability--6c70ec2b-dde3-4dd5-8272-61999629f4f6 +vulnerability,CVE-2024-53191,vulnerability--19627169-def4-4c5b-ab58-8cf3b5210db6 +vulnerability,CVE-2024-53169,vulnerability--20e25ba2-0d41-4147-883a-e68a0b896f16 +vulnerability,CVE-2024-53165,vulnerability--a9426c44-8a78-4f8b-933d-e2e4ddf8ddbe +vulnerability,CVE-2024-53187,vulnerability--34f8bc7b-1a9a-4c7f-a143-754f5add5753 +vulnerability,CVE-2024-53238,vulnerability--0c437a77-8eff-4a50-b31b-74b35d452d09 +vulnerability,CVE-2024-53215,vulnerability--08f51825-e1b8-471f-9fe8-29c82ce42652 +vulnerability,CVE-2024-53167,vulnerability--9993ae1e-6ae8-4c81-bca6-d17bd4e3a045 +vulnerability,CVE-2024-53178,vulnerability--f3d774f2-ae2e-49a8-a010-ba29c8d6c0ce +vulnerability,CVE-2024-53180,vulnerability--cc6411f1-dd5e-4d61-9e7a-e719d96a0869 
+vulnerability,CVE-2024-53189,vulnerability--71d44c8c-b6e5-4c87-bd40-b7ed6743bdf4 +vulnerability,CVE-2024-53229,vulnerability--a81c4c49-7b9e-4d37-b4a8-f9499a877a8c +vulnerability,CVE-2024-53222,vulnerability--a2722ad8-d8d3-4751-adc7-942b88ac9e5f +vulnerability,CVE-2024-53203,vulnerability--7e0c74fa-e47e-4f27-8ecb-34f0cc2b68c4 +vulnerability,CVE-2024-53164,vulnerability--1207b6d9-197b-48d6-95a6-816d2c0d43d3 +vulnerability,CVE-2024-53173,vulnerability--0c5adf6f-47ba-453b-bcc4-22d46b1a9c3e +vulnerability,CVE-2024-53237,vulnerability--16b9027f-2f0a-4dcb-8fbe-84d80feb380e +vulnerability,CVE-2024-53219,vulnerability--a3fcf538-fffe-4515-b965-3ad56441af8a +vulnerability,CVE-2024-53179,vulnerability--6e84145a-bef8-4f2d-ab89-04c71109baaf +vulnerability,CVE-2024-53177,vulnerability--a0f043f8-e7f1-455a-acf8-4431966ce29b +vulnerability,CVE-2024-53182,vulnerability--ba0a4e11-59e4-47fc-93ac-67d7deb8ce35 +vulnerability,CVE-2024-53196,vulnerability--840548da-cf4a-4537-99ea-d5328b4876f9 +vulnerability,CVE-2024-53231,vulnerability--865bc487-cc21-4a13-8d58-29a204170112 +vulnerability,CVE-2024-53211,vulnerability--538a95b2-3aaf-421b-b1ba-7dd124aca9d1 +vulnerability,CVE-2024-53181,vulnerability--61613110-b2d1-41da-93f1-5354340086cf +vulnerability,CVE-2024-53233,vulnerability--92b17b37-1419-4f5c-b407-ed3259c22ccf +vulnerability,CVE-2024-53201,vulnerability--1c5ba6b0-eed2-4a07-9fbd-a11953e83d37 +vulnerability,CVE-2024-53207,vulnerability--d12f47af-db6a-40cf-ae90-c4bd72ba0fe6 +vulnerability,CVE-2024-53197,vulnerability--e0f82b8b-44ee-4ba0-aee6-7b2834dda586 +vulnerability,CVE-2024-53230,vulnerability--3429714e-c6e5-4f27-b033-fac53545b840 +vulnerability,CVE-2024-53186,vulnerability--c3b4ea6b-8993-4f16-9058-1836b6a33020 +vulnerability,CVE-2024-53193,vulnerability--b9e7ee5d-a64d-49c8-8c15-e7d67755f7ed +vulnerability,CVE-2024-53199,vulnerability--c80e5d55-2b38-4e17-9328-40b39898e05f +vulnerability,CVE-2024-53223,vulnerability--5d451005-1562-4c7c-86b9-9b0ce0a9c9ef 
+vulnerability,CVE-2024-53172,vulnerability--86755f23-6b89-4007-be20-ae071b6f77b8 +vulnerability,CVE-2024-56602,vulnerability--6de1583a-74ad-4405-84ec-1e9928dfe3e3 +vulnerability,CVE-2024-56684,vulnerability--ff3c1298-df21-490d-bae2-353a8a65201a +vulnerability,CVE-2024-56724,vulnerability--8e852109-5b7a-4d82-9450-931df48d3eca +vulnerability,CVE-2024-56563,vulnerability--4d4effe8-596d-4fad-bf02-66b4fb5c73a4 +vulnerability,CVE-2024-56639,vulnerability--f50d6f6f-8a20-4cc0-a4f8-899fb80dbb49 +vulnerability,CVE-2024-56564,vulnerability--0c415ade-3ade-442b-97f9-fa627e210463 +vulnerability,CVE-2024-56571,vulnerability--812144cd-5cee-47b4-ad74-927e55f94be9 +vulnerability,CVE-2024-56558,vulnerability--deecfefb-e150-4fde-9013-f431eb10b356 +vulnerability,CVE-2024-56614,vulnerability--8b47c186-cdda-4371-ba52-eba5b2ebc7de +vulnerability,CVE-2024-56585,vulnerability--ea77bbf2-e59d-498a-9785-d1e4a4583fa2 +vulnerability,CVE-2024-56556,vulnerability--513c8813-40ff-4908-935f-c7f2dbda0190 +vulnerability,CVE-2024-56660,vulnerability--af872378-8208-4241-be3e-5171ca4bac57 +vulnerability,CVE-2024-56727,vulnerability--33083791-81e4-4100-acd5-d43c73d3d0f7 +vulnerability,CVE-2024-56673,vulnerability--2a1cf0e9-ee0f-4ace-bb94-40abaa463143 +vulnerability,CVE-2024-56690,vulnerability--ba0b6e76-58da-449b-94fc-e6fedbf019f7 +vulnerability,CVE-2024-56581,vulnerability--4cedd43d-6bf6-447d-8420-f80f5899626b +vulnerability,CVE-2024-56710,vulnerability--70244656-2f65-4bb7-8478-7cf34a6ba3a9 +vulnerability,CVE-2024-56567,vulnerability--9a53af65-241d-4cc0-b5c4-54d78d508c73 +vulnerability,CVE-2024-56677,vulnerability--db4a0ece-b02d-4ac4-9677-eb9c2f6cea71 +vulnerability,CVE-2024-56672,vulnerability--c2449a04-0803-4b46-817c-1c851deffbfc +vulnerability,CVE-2024-56595,vulnerability--fb66e757-35ef-40ea-9a0a-576b292b69d9 +vulnerability,CVE-2024-56754,vulnerability--6a3f4b74-124d-47e9-ad36-f9642ede0314 +vulnerability,CVE-2024-56611,vulnerability--f2577b30-7912-4048-a4da-807f0cddb2f4 
+vulnerability,CVE-2024-56689,vulnerability--4f016a3e-a327-4813-bee5-e37b2591d944 +vulnerability,CVE-2024-56680,vulnerability--26f84b0b-fa36-4c5c-94d5-aa43d25727aa +vulnerability,CVE-2024-56664,vulnerability--8dde132a-b6fa-4264-ad02-a98ab472d29f +vulnerability,CVE-2024-56576,vulnerability--51c1480a-7f93-4e3d-81ae-7780bda03fb4 +vulnerability,CVE-2024-56599,vulnerability--f3d7831c-1217-4521-8eb4-6859ee7a02e9 +vulnerability,CVE-2024-56580,vulnerability--2480729f-fc23-43d2-a408-9bc43857723c +vulnerability,CVE-2024-56619,vulnerability--6aa411c2-2558-49af-acb4-26d362780116 +vulnerability,CVE-2024-56719,vulnerability--e03920d3-5f38-496b-858a-37dc97dcd6bf +vulnerability,CVE-2024-56704,vulnerability--3f0064da-6971-4e99-8443-69bbe43ce410 +vulnerability,CVE-2024-56670,vulnerability--480469b5-fd06-4998-a1b0-44295fa7657f +vulnerability,CVE-2024-56577,vulnerability--dcedcc6f-9698-443c-bff1-3555405006ad +vulnerability,CVE-2024-56632,vulnerability--6a216796-a7e7-4830-8628-12e3868af705 +vulnerability,CVE-2024-56756,vulnerability--2d605d6d-3ccc-41ac-a846-ba1ef9f65047 +vulnerability,CVE-2024-56700,vulnerability--441e1a1a-3537-4ec9-8560-0b23eb94c874 +vulnerability,CVE-2024-56709,vulnerability--1927ad52-8d83-40ab-b500-e55bd58d9c19 +vulnerability,CVE-2024-56573,vulnerability--499ab615-358f-4ca6-a9d7-dc235bcca284 +vulnerability,CVE-2024-56694,vulnerability--89c8770b-57b4-464c-88c7-e7d8374eb8c6 +vulnerability,CVE-2024-56628,vulnerability--fdf357b7-8ed7-47d3-a83c-a70c1a2c965d +vulnerability,CVE-2024-56712,vulnerability--fecb65d9-444d-483f-9f20-75846fecd153 +vulnerability,CVE-2024-56547,vulnerability--c2cbe279-f379-4ff8-9575-dbc28c1cb1a0 +vulnerability,CVE-2024-56656,vulnerability--e44cb4a7-fe6e-4452-8995-704a5593e8d2 +vulnerability,CVE-2024-56562,vulnerability--e9ebb240-dd81-4463-9285-95a34c8cca57 +vulnerability,CVE-2024-56635,vulnerability--e428565d-93fd-4522-a2af-4f41127257d6 +vulnerability,CVE-2024-56616,vulnerability--c7f61b52-a85a-4fe7-8b9b-ded12ec4189c 
+vulnerability,CVE-2024-56715,vulnerability--fbcad66d-d06b-4944-bbb3-79a1463adb81 +vulnerability,CVE-2024-56553,vulnerability--03e4bcda-abe3-4cd3-95df-49aa95edc844 +vulnerability,CVE-2024-56755,vulnerability--da651bd4-7571-420b-a657-ee09c3f10cd9 +vulnerability,CVE-2024-56674,vulnerability--fb9cfb86-7d7c-436c-82cb-cbbd9c23f92a +vulnerability,CVE-2024-56669,vulnerability--e4cdd463-db3b-46d8-a3e9-486fde0c1cdc +vulnerability,CVE-2024-56683,vulnerability--06879b80-2635-48ed-9ee8-b053e3fa5fb6 +vulnerability,CVE-2024-56663,vulnerability--ee917918-2cbf-41a1-9767-49769100d757 +vulnerability,CVE-2024-56596,vulnerability--032fbc4f-d4cf-49a4-b5d3-1658fc62809b +vulnerability,CVE-2024-56536,vulnerability--dd1ed0e2-22d0-4ae4-9747-7d97dd630379 +vulnerability,CVE-2024-56593,vulnerability--896d430a-85d5-45de-9e64-923d3542c18a +vulnerability,CVE-2024-56601,vulnerability--7ebc1930-2515-469d-af13-224d73c148c6 +vulnerability,CVE-2024-56699,vulnerability--ca76ab2a-b1f2-40fd-84a6-441e9fd360a4 +vulnerability,CVE-2024-56720,vulnerability--d8222aca-6dd3-4386-b976-307002c2076b +vulnerability,CVE-2024-56653,vulnerability--d4bc7cfa-7493-443b-9488-4c3b2805c8a4 +vulnerability,CVE-2024-56645,vulnerability--f3448fee-65fe-4b1a-8ab7-50896fc64774 +vulnerability,CVE-2024-56541,vulnerability--2c673888-d50d-4f95-bcd0-11d24df8296c +vulnerability,CVE-2024-56555,vulnerability--81109ce0-86ce-4a6b-a42a-dbfa74024bf3 +vulnerability,CVE-2024-56655,vulnerability--cced4cbb-7c5a-4fa7-868c-1746dacc8ed7 +vulnerability,CVE-2024-56542,vulnerability--fcbd43c1-590e-40a3-9532-10db3accf723 +vulnerability,CVE-2024-56589,vulnerability--b59bccc2-bb00-46b4-a37f-609e9f0f588a +vulnerability,CVE-2024-56507,vulnerability--d66f1490-1de8-463b-9a6b-9dd05476406e +vulnerability,CVE-2024-56615,vulnerability--dd6fb510-9621-4ef4-935b-773d759aef11 +vulnerability,CVE-2024-56612,vulnerability--93ef83e9-b8cb-4ba7-9110-ae7a0f062c53 +vulnerability,CVE-2024-56607,vulnerability--c4036217-c5dd-4cce-99b1-5c7e80e197c6 
+vulnerability,CVE-2024-56679,vulnerability--96c4ea43-1169-46f8-a0af-1ac18a5f13c7 +vulnerability,CVE-2024-56650,vulnerability--72966e8a-9b0c-4172-91a2-e81e3d4bd029 +vulnerability,CVE-2024-56626,vulnerability--4ef0294f-15ef-4bbd-a45d-78604c13bac4 +vulnerability,CVE-2024-56559,vulnerability--032bc7e8-033a-4d8c-a5e5-ac0eefcab182 +vulnerability,CVE-2024-56579,vulnerability--fd4ec900-0bc4-4a94-b427-fd2206b002e9 +vulnerability,CVE-2024-56537,vulnerability--5fb30f5f-8cb3-40f1-b787-4b1e3c8749fa +vulnerability,CVE-2024-56552,vulnerability--706dccde-417d-4c72-89e6-7dfd610a97ad +vulnerability,CVE-2024-56654,vulnerability--f0ace79d-1b61-41c5-8420-d8aff6f48673 +vulnerability,CVE-2024-56557,vulnerability--8e408a6c-a279-405c-a382-1b98a92f6a88 +vulnerability,CVE-2024-56578,vulnerability--f58741b9-bed7-4a73-adfd-61bc440d3a27 +vulnerability,CVE-2024-56591,vulnerability--44d351d7-09ba-4147-99af-bfae16a00061 +vulnerability,CVE-2024-56682,vulnerability--9c5727d5-a1aa-4245-8148-f049e0a662e0 +vulnerability,CVE-2024-56711,vulnerability--368ee899-4bc2-4456-afd9-5fdbd07f41c2 +vulnerability,CVE-2024-56668,vulnerability--e92fd9a9-7432-4d5b-b98e-44c94985cc11 +vulnerability,CVE-2024-56685,vulnerability--99583bc2-b1a1-4f41-890d-4f572ccc76f3 +vulnerability,CVE-2024-56618,vulnerability--7b22f689-6940-4619-90d0-d81e9df244cc +vulnerability,CVE-2024-56686,vulnerability--8cbea0f3-c391-4f62-a8cf-83815df01279 +vulnerability,CVE-2024-56630,vulnerability--42172b37-fb2c-4246-9dae-d8e73d75d7ee +vulnerability,CVE-2024-56540,vulnerability--a6336cb8-6e22-412b-b10a-60dbf11e1c61 +vulnerability,CVE-2024-56508,vulnerability--5393887f-c85e-453d-96a0-2a0aac2a1081 +vulnerability,CVE-2024-56707,vulnerability--50174d09-3df7-4144-930e-bddc9066e02d +vulnerability,CVE-2024-56649,vulnerability--7e8c5e36-e151-4162-b121-877f06db9f3b +vulnerability,CVE-2024-56636,vulnerability--026cc885-2a79-4e27-9c79-43aa5ba5e260 +vulnerability,CVE-2024-56666,vulnerability--7b1a148f-a238-46d0-8336-c3f8fda1f894 
+vulnerability,CVE-2024-56728,vulnerability--4bf9d456-1383-474b-b866-d07ffc94885d +vulnerability,CVE-2024-56549,vulnerability--307e6947-e6d2-4b38-a2fb-fb4a41acadb8 +vulnerability,CVE-2024-56706,vulnerability--e0ce3bb5-7e88-4cc0-8290-64623ce38c6e +vulnerability,CVE-2024-56545,vulnerability--00d563a7-a0de-4ec2-ae7a-bba677e0f98b +vulnerability,CVE-2024-56696,vulnerability--44f7c7af-4604-4a85-9514-d8c9d8c31c37 +vulnerability,CVE-2024-56688,vulnerability--ce82c53c-0299-4a2b-bf7b-e5a0287bcea0 +vulnerability,CVE-2024-56691,vulnerability--993d2e05-e547-47dd-8423-b72174211a0e +vulnerability,CVE-2024-56658,vulnerability--16724c59-608d-48ff-9130-e4c0c0e97a4b +vulnerability,CVE-2024-56647,vulnerability--9ade7a8d-2fe1-42f1-b1b4-b0a48c85d44e +vulnerability,CVE-2024-56667,vulnerability--c5951e95-81be-4ff8-8a19-5ff07dac3667 +vulnerability,CVE-2024-56566,vulnerability--c0c85790-d6a2-4e84-b8a8-676ec9e83e82 +vulnerability,CVE-2024-56678,vulnerability--11b3530c-aa69-4967-985b-efb0f51eb60a +vulnerability,CVE-2024-56590,vulnerability--00ae05fa-7a09-4170-97a9-fa48aba0e6b1 +vulnerability,CVE-2024-56598,vulnerability--d91001cb-fdba-4655-a231-47f06682dd3b +vulnerability,CVE-2024-56726,vulnerability--17ff69b0-544f-47ee-af9d-c81595af1a44 +vulnerability,CVE-2024-56554,vulnerability--7eb217bc-bfcf-4ded-8bb1-e03cf49a0daa +vulnerability,CVE-2024-56714,vulnerability--c5232995-969b-4ec8-abce-5dcfbe5a2ae7 +vulnerability,CVE-2024-56638,vulnerability--e74914d8-35be-4fc8-8c97-ae8c59a494c8 +vulnerability,CVE-2024-56509,vulnerability--5bb3c3b9-4683-465b-be3e-4d76f4d6f6dd +vulnerability,CVE-2024-56753,vulnerability--508666fc-3c0f-44f8-ac5e-7533d9818791 +vulnerability,CVE-2024-56697,vulnerability--af99d5ad-cb00-4c66-9b2c-397c1e97d5a2 +vulnerability,CVE-2024-56561,vulnerability--68e5c199-b765-4d5e-94cb-b772123b393c +vulnerability,CVE-2024-56560,vulnerability--5102ee24-e900-40d1-b1e4-ee12187fb25e +vulnerability,CVE-2024-56738,vulnerability--3cbff447-8dcb-4320-a6c3-dff98c34af20 
+vulnerability,CVE-2024-56692,vulnerability--27ed1566-0662-4e3b-8f7f-f7597231cef2 +vulnerability,CVE-2024-56575,vulnerability--765356e0-c732-4c45-a7d8-8c6b93cd968c +vulnerability,CVE-2024-56603,vulnerability--752a402e-bc59-4a78-ab14-a0a2a88d28cf +vulnerability,CVE-2024-56586,vulnerability--1c08aa72-e89c-426d-9eaa-adf065500df3 +vulnerability,CVE-2024-56569,vulnerability--52ea1d91-aa46-4c30-8e35-6118472e9fa7 +vulnerability,CVE-2024-56718,vulnerability--bc1982ee-458e-4341-a46b-5c2e137d937d +vulnerability,CVE-2024-56708,vulnerability--d437c148-9472-4c48-b976-83acf51e65c9 +vulnerability,CVE-2024-56737,vulnerability--b7c3b941-8924-4970-b4d4-efe213e40954 +vulnerability,CVE-2024-56609,vulnerability--174cdeba-21fd-4dda-bf27-d1637308c995 +vulnerability,CVE-2024-56644,vulnerability--b1480676-4d9c-47a0-955d-a3c9364e1a47 +vulnerability,CVE-2024-56646,vulnerability--546445b5-4cec-4ec4-ab26-da09d610450b +vulnerability,CVE-2024-56583,vulnerability--7e5b11a1-124f-4198-ae5d-e4902121d36b +vulnerability,CVE-2024-56565,vulnerability--228ecd4d-3e4d-4791-aa03-7d1d99900695 +vulnerability,CVE-2024-56717,vulnerability--31a30e01-ffc4-448a-8d53-e9675d63adc7 +vulnerability,CVE-2024-56621,vulnerability--98e3d84b-4629-45df-b718-a69b492caf77 +vulnerability,CVE-2024-56587,vulnerability--0654e9b4-809c-4e06-94d4-6812540be326 +vulnerability,CVE-2024-56642,vulnerability--89f79a84-6494-4787-b476-ac3ef56e4bbf +vulnerability,CVE-2024-56687,vulnerability--cabad925-2a20-4d11-8b23-6cfddedd3fb5 +vulnerability,CVE-2024-56675,vulnerability--4db55808-81d6-4a2b-a6b8-6ca5085eb471 +vulnerability,CVE-2024-56651,vulnerability--a263c86c-a16b-4108-8155-f0cc4b0e31bf +vulnerability,CVE-2024-56640,vulnerability--d4964597-213f-4b25-8ff5-22ba359d0cf0 +vulnerability,CVE-2024-56538,vulnerability--91eabcc2-0215-4ddf-991c-a011f6f3d262 +vulnerability,CVE-2024-56622,vulnerability--e58c3b63-f12c-4fd5-8c6b-5adb5031e084 +vulnerability,CVE-2024-56634,vulnerability--32be6e42-5e2e-41d7-8e84-4f9cbc6251d1 
+vulnerability,CVE-2024-56629,vulnerability--b4662e3f-db96-4a03-8ff5-6ca4bd6bf48a +vulnerability,CVE-2024-56543,vulnerability--ceaeea68-ef7e-4a79-8ab5-2d32614668cb +vulnerability,CVE-2024-56729,vulnerability--deabadbe-5a3f-4603-8542-44d2aeedb918 +vulnerability,CVE-2024-56633,vulnerability--c37471b8-8801-4412-80a7-6c72acf42078 +vulnerability,CVE-2024-56723,vulnerability--26d1ea0c-5ba4-4018-b0d0-12a5a7397420 +vulnerability,CVE-2024-56604,vulnerability--924b5512-919d-42c0-b31c-a0dd90363142 +vulnerability,CVE-2024-56588,vulnerability--93d38718-25a9-4f24-942c-b86a438cb81a +vulnerability,CVE-2024-56624,vulnerability--b698c403-fee4-4521-b5f7-cf77343edd34 +vulnerability,CVE-2024-56730,vulnerability--17612a28-74ed-4176-8a44-b39190d21793 +vulnerability,CVE-2024-56637,vulnerability--153b19a9-2259-471f-ae84-e1b28f7ff61b +vulnerability,CVE-2024-56695,vulnerability--5df5d43a-6780-4732-a881-c75e35a05cf8 +vulnerability,CVE-2024-56641,vulnerability--47986c6c-e3f3-41c9-b81e-b722f924a929 +vulnerability,CVE-2024-56681,vulnerability--8739256f-0d52-42dc-83b0-1883d704fa98 +vulnerability,CVE-2024-56550,vulnerability--3eac7649-0aef-437d-96ad-914cb847ef6f +vulnerability,CVE-2024-56613,vulnerability--a8ab9d80-79d1-4c65-ba73-e303568a6311 +vulnerability,CVE-2024-56705,vulnerability--a3392796-6a2b-4b10-8596-b781dc6c3681 +vulnerability,CVE-2024-56597,vulnerability--e7f3a344-3d06-4db6-8332-e21af272cd7e +vulnerability,CVE-2024-56627,vulnerability--7150acfd-5b25-40f5-92a5-ac209ff9bc29 +vulnerability,CVE-2024-56620,vulnerability--a28fa603-fd0d-4e18-b68c-b6b7ca594daa +vulnerability,CVE-2024-56605,vulnerability--11b7743f-ec5f-441e-9ee5-db290d64ea4a +vulnerability,CVE-2024-56584,vulnerability--4b2d712d-750e-4588-95ad-8de74405f070 +vulnerability,CVE-2024-56570,vulnerability--810b5cae-995e-4d46-9a5c-851ed8d28560 +vulnerability,CVE-2024-56701,vulnerability--04a3c6ca-80f2-4270-bb4a-7f6ff69e3e3e +vulnerability,CVE-2024-56574,vulnerability--5e005cba-aae2-49b8-a6d0-5b304092aea9 
+vulnerability,CVE-2024-56600,vulnerability--69f40490-960f-4bed-86aa-50f51cd1cc3a +vulnerability,CVE-2024-56676,vulnerability--080f3ab8-5bdd-47a1-b3c7-6f1e4ce15aa4 +vulnerability,CVE-2024-56592,vulnerability--f1fbc60f-1026-4c74-9d41-0cad36cd472d +vulnerability,CVE-2024-56610,vulnerability--2713a122-6a60-4d1f-a08b-45ac0c6c8f13 +vulnerability,CVE-2024-56512,vulnerability--b87d3a79-9b40-42fe-89c3-aa0038e658e1 +vulnerability,CVE-2024-56661,vulnerability--9e25fb27-6964-49b2-8a18-4468b9ebae48 +vulnerability,CVE-2024-56608,vulnerability--94690675-5574-4021-9acc-a5ae091859c5 +vulnerability,CVE-2024-56702,vulnerability--d3040a14-d99e-4322-968f-b16e95be4382 +vulnerability,CVE-2024-56698,vulnerability--4530eb25-2683-4082-a53d-02fb9030ff6f +vulnerability,CVE-2024-56722,vulnerability--72d0fc53-1586-41bd-a9a2-1ae0a352f483 +vulnerability,CVE-2024-56716,vulnerability--1c2ef83c-dcb9-4a95-9dd7-2913edbab818 +vulnerability,CVE-2024-56721,vulnerability--a4a9d5d5-4b68-4295-b81d-7a29bdbd768b +vulnerability,CVE-2024-56582,vulnerability--3aa12f55-2316-49c5-8e9b-9ad57407744b +vulnerability,CVE-2024-56725,vulnerability--6d28af88-30d1-47fc-ad02-4879bf266886 +vulnerability,CVE-2024-56652,vulnerability--c8beb5d0-8977-43c8-9570-eb2e872b2046 +vulnerability,CVE-2024-56643,vulnerability--12bbd1c6-91be-4a81-ad12-0273a6379e20 +vulnerability,CVE-2024-56572,vulnerability--4ef861e1-6633-431a-8605-b3e6ed886ed1 +vulnerability,CVE-2024-56625,vulnerability--0723d1f5-5d29-4646-9342-3858f5899e92 +vulnerability,CVE-2024-56665,vulnerability--3c6f7c46-1abc-41c7-bfbc-ad18a5e141af +vulnerability,CVE-2024-56662,vulnerability--b0bf08b7-b60b-447f-af88-d583fbbba80e +vulnerability,CVE-2024-56568,vulnerability--5aede400-c740-435a-ae16-8a8fea2678ad +vulnerability,CVE-2024-56659,vulnerability--a9032918-b62c-43fe-a0df-d6c84782f0cc +vulnerability,CVE-2024-56539,vulnerability--fddbdd18-590c-436e-be56-8812e1ec2e07 +vulnerability,CVE-2024-56546,vulnerability--922fa49c-6c3f-404b-abef-e12002f8b97d 
+vulnerability,CVE-2024-56648,vulnerability--b52b0005-87ba-4bf4-a1d9-d33866964732 +vulnerability,CVE-2024-56703,vulnerability--4bb1098d-5728-4278-98b0-e1d12f86766e +vulnerability,CVE-2024-56623,vulnerability--593dc65a-694d-409e-ba7d-4215fed1b75b +vulnerability,CVE-2024-56713,vulnerability--9cae081b-846f-4ce9-8b65-7ef337a40e49 +vulnerability,CVE-2024-56548,vulnerability--11bda91c-6f5f-48de-b267-27709e593d95 +vulnerability,CVE-2024-56693,vulnerability--dac50cc7-0e29-48c7-ba6f-c17594e25013 +vulnerability,CVE-2024-56671,vulnerability--266a2c36-3219-488d-ad4c-bbab32851bdd +vulnerability,CVE-2024-56551,vulnerability--10760bd2-3d97-499a-974a-f7a99f665018 +vulnerability,CVE-2024-56657,vulnerability--94a944f4-9bca-42ed-b72a-bf5fe056401f +vulnerability,CVE-2024-56544,vulnerability--e30ccc38-382b-461d-89ff-3bb20c6fe98a +vulnerability,CVE-2024-56594,vulnerability--b83a5893-34aa-4113-8b14-4b20b3e9ddfe +vulnerability,CVE-2024-56606,vulnerability--94866d6f-b8cb-44f4-b7bd-5d22a5f48cda +vulnerability,CVE-2024-56631,vulnerability--e6a7ebf0-0dd9-4e91-8b18-985ffde427f7 +vulnerability,CVE-2024-56617,vulnerability--8c6f0d52-470c-4325-ba8c-696f5326f333 +vulnerability,CVE-2024-46972,vulnerability--3b534657-2a9c-40c3-af97-be286bfb6a48 +vulnerability,CVE-2024-46973,vulnerability--f2ec38bb-c601-4cc9-95ce-0b18d3b16ce5 +vulnerability,CVE-2024-13020,vulnerability--53c72f54-2062-4683-b31e-7f231445ba87 +vulnerability,CVE-2024-13004,vulnerability--2a18ab80-bf08-422f-8684-945aac3d0754 +vulnerability,CVE-2024-13029,vulnerability--d0e63ab7-8c20-444c-8a6f-c8769c4a0297 +vulnerability,CVE-2024-13021,vulnerability--e9fd27fc-7e7f-41e1-9306-0ecc5ab1ba9f +vulnerability,CVE-2024-13019,vulnerability--cd8ce3a1-2a54-4326-91d9-3a156283c6fd +vulnerability,CVE-2024-13005,vulnerability--05b8bf73-0688-4971-835b-2a481b03cafc +vulnerability,CVE-2024-13012,vulnerability--e818dac8-ea31-43db-8c20-da1d98b98175 +vulnerability,CVE-2024-13024,vulnerability--9678b726-c8d7-488f-aee4-fd8eae0d3193 
+vulnerability,CVE-2024-13016,vulnerability--21429f78-2941-448e-a092-764ca3d3b24b +vulnerability,CVE-2024-13017,vulnerability--611bd4a0-7f8f-4c83-81fd-0a62b2e7830f +vulnerability,CVE-2024-13014,vulnerability--4880934e-f6e5-4fc4-bc78-0b6dd77f8c81 +vulnerability,CVE-2024-13023,vulnerability--d357340f-50b5-43bc-a705-4ea60181774b +vulnerability,CVE-2024-13006,vulnerability--01827e2f-4620-49cc-977b-6345f3efcd87 +vulnerability,CVE-2024-13028,vulnerability--59015157-cd1d-4122-a254-049e52f3ec0a +vulnerability,CVE-2024-13008,vulnerability--39c2c6df-5f39-4677-a20f-5feecbce897a +vulnerability,CVE-2024-13013,vulnerability--8469c267-9567-4d89-b3c6-6f382185d613 +vulnerability,CVE-2024-13018,vulnerability--44071b5c-a896-40be-b881-4cd9b1bd70cb +vulnerability,CVE-2024-13015,vulnerability--c96b1c3b-abfd-472d-ba17-7eba79477c7e +vulnerability,CVE-2024-13022,vulnerability--59cb3e8d-9ef9-49f4-9268-db436b71879f +vulnerability,CVE-2024-13025,vulnerability--3640d8ae-e311-4ca6-bbcd-0166d119e953 +vulnerability,CVE-2024-13007,vulnerability--7e04ccaf-dbb3-48e7-8ed8-69820bb1568e +vulnerability,CVE-2024-43705,vulnerability--258c29df-15d4-46bb-ace1-256242f4923d +vulnerability,CVE-2021-22484,vulnerability--8c6f7a03-81a9-40af-b05d-afbc87ff0624 +vulnerability,CVE-2021-37000,vulnerability--e80d41b0-7c90-4496-9f7b-a7e55379bef0 +vulnerability,CVE-2022-48470,vulnerability--d1487081-05a1-49bd-a6b7-aa67084ab0c8 +vulnerability,CVE-2022-49034,vulnerability--2d6bf228-2c5c-48b2-b13f-b18fdba73bb1 +vulnerability,CVE-2023-52718,vulnerability--3032c771-a567-4e85-b9a5-943d6bad66b6 +vulnerability,CVE-2023-7263,vulnerability--04d1e158-bf68-4c7a-bdf2-17e6e78a9e96 +vulnerability,CVE-2023-7266,vulnerability--ae7c7855-d166-495c-a816-ea285b1a439b +vulnerability,CVE-2018-25107,vulnerability--1c619fc4-a442-4a0f-8469-f04c8dc7b8b5 +vulnerability,CVE-2020-9080,vulnerability--2021e703-6d50-4a09-bbad-28a9a8756469 +vulnerability,CVE-2020-9211,vulnerability--1ae17fc2-d69b-4446-962a-8bf319277b76 
+vulnerability,CVE-2020-9089,vulnerability--b1043f08-ccc3-4cf9-a795-4b9678e2573d +vulnerability,CVE-2020-9081,vulnerability--cfaa5348-05dd-4859-92b4-602386f222df +vulnerability,CVE-2020-9236,vulnerability--e801afd5-b8de-4c7b-8692-87db7f213d2e +vulnerability,CVE-2020-9086,vulnerability--6988ee24-6315-4b55-81f3-4d9799c8ae16 +vulnerability,CVE-2020-9210,vulnerability--7019a8fe-ccac-4794-9fc6-be3532e2e847 +vulnerability,CVE-2020-9085,vulnerability--83294206-a05e-4064-aa07-d5911a1282f5 +vulnerability,CVE-2020-9082,vulnerability--97465f86-3e12-4547-a05d-02d7616fa2bd +vulnerability,CVE-2020-9253,vulnerability--06304a7b-4840-4152-91a3-045b808be4c7 +vulnerability,CVE-2020-9222,vulnerability--66adf266-1e3c-4d3f-9c14-318b4c75a965 +vulnerability,CVE-2020-1819,vulnerability--6642638b-7ba7-460f-bce2-bc6057d82cec +vulnerability,CVE-2020-1824,vulnerability--7d21955f-2aff-4c72-9865-c5054c2b5753 +vulnerability,CVE-2020-1818,vulnerability--711fe948-5d03-4df0-af14-7dc29498d5d0 +vulnerability,CVE-2020-1820,vulnerability--b144aff3-b69a-4f39-94fd-e9590f59cc64 +vulnerability,CVE-2020-1822,vulnerability--ce4014cf-8156-4976-a388-f8d86c601eb4 +vulnerability,CVE-2020-1823,vulnerability--a6ec55b2-b5dd-42c2-94ec-5b2285877f33 +vulnerability,CVE-2020-1821,vulnerability--523e2edf-a310-492e-8ba5-1878907dc8da diff --git a/objects/vulnerability/vulnerability--00ae05fa-7a09-4170-97a9-fa48aba0e6b1.json b/objects/vulnerability/vulnerability--00ae05fa-7a09-4170-97a9-fa48aba0e6b1.json new file mode 100644 index 00000000000..291704c4c68 --- /dev/null +++ b/objects/vulnerability/vulnerability--00ae05fa-7a09-4170-97a9-fa48aba0e6b1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3e140161-e60d-4b8e-8113-2b26de5462e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00ae05fa-7a09-4170-97a9-fa48aba0e6b1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.507874Z", + "modified": "2024-12-30T00:22:03.507874Z", + "name": "CVE-2024-56590", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_core: Fix not checking skb length on hci_acldata_packet\n\nThis fixes not checking if skb really contains an ACL header otherwise\nthe code may attempt to access some uninitilized/invalid memory past the\nvalid skb->data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--00d563a7-a0de-4ec2-ae7a-bba677e0f98b.json b/objects/vulnerability/vulnerability--00d563a7-a0de-4ec2-ae7a-bba677e0f98b.json new file mode 100644 index 00000000000..91587fda773 --- /dev/null +++ b/objects/vulnerability/vulnerability--00d563a7-a0de-4ec2-ae7a-bba677e0f98b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7235653a-2c47-4f69-bd2e-173b742eaa7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00d563a7-a0de-4ec2-ae7a-bba677e0f98b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.497685Z", + "modified": "2024-12-30T00:22:03.497685Z", + "name": "CVE-2024-56545", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: streamline driver probe to avoid devres issues\n\nIt was found that unloading 'hid_hyperv' module results in a devres\ncomplaint:\n\n ...\n hv_vmbus: unregistering driver hid_hyperv\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0\n ...\n Call Trace:\n \n ? devres_release_group+0x1f2/0x2c0\n ? __warn+0xd1/0x1c0\n ? devres_release_group+0x1f2/0x2c0\n ? report_bug+0x32a/0x3c0\n ? handle_bug+0x53/0xa0\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1a/0x20\n ? devres_release_group+0x1f2/0x2c0\n ? devres_release_group+0x90/0x2c0\n ? rcu_is_watching+0x15/0xb0\n ? __pfx_devres_release_group+0x10/0x10\n hid_device_remove+0xf5/0x220\n device_release_driver_internal+0x371/0x540\n ? klist_put+0xf3/0x170\n bus_remove_device+0x1f1/0x3f0\n device_del+0x33f/0x8c0\n ? __pfx_device_del+0x10/0x10\n ? cleanup_srcu_struct+0x337/0x500\n hid_destroy_device+0xc8/0x130\n mousevsc_remove+0xd2/0x1d0 [hid_hyperv]\n device_release_driver_internal+0x371/0x540\n driver_detach+0xc5/0x180\n bus_remove_driver+0x11e/0x2a0\n ? __mutex_unlock_slowpath+0x160/0x5e0\n vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus]\n ...\n\nAnd the issue seems to be that the corresponding devres group is not\nallocated. 
Normally, devres_open_group() is called from\n__hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver'\nwith 'mousevsc_hid_driver' stub and basically re-implements\n__hid_device_probe() by calling hid_parse() and hid_hw_start() but not\ndevres_open_group(). hid_device_probe() does not call __hid_device_probe()\nfor it. Later, when the driver is removed, hid_device_remove() calls\ndevres_release_group() as it doesn't check whether hdev->driver was\ninitially overridden or not.\n\nThe issue seems to be related to the commit 62c68e7cee33 (\"HID: ensure\ntimely release of driver-allocated resources\") but the commit itself seems\nto be correct.\n\nFix the issue by dropping the 'hid_dev->driver' override and using\nhid_register_driver()/hid_unregister_driver() instead. Alternatively, it\nwould have been possible to rely on the default handling but\nHID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to work\nfor mousevsc as-is.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56545" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01694d05-8394-4954-9581-1fd1e01e74db.json b/objects/vulnerability/vulnerability--01694d05-8394-4954-9581-1fd1e01e74db.json new file mode 100644 index 00000000000..d992065ac56 --- /dev/null +++ b/objects/vulnerability/vulnerability--01694d05-8394-4954-9581-1fd1e01e74db.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--48205d46-0227-4b5a-89cc-fe27658cc466",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--01694d05-8394-4954-9581-1fd1e01e74db",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.391925Z",
+ "modified": "2024-12-30T00:22:02.391925Z",
+ "name": "CVE-2024-53204",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: realtek: usb: fix NULL deref in rtk_usb3phy_probe\n\nIn rtk_usb3phy_probe() devm_kzalloc() may return NULL\nbut this returned value is not checked.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53204"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--01827e2f-4620-49cc-977b-6345f3efcd87.json b/objects/vulnerability/vulnerability--01827e2f-4620-49cc-977b-6345f3efcd87.json
new file mode 100644
index 00000000000..024605fa207
--- /dev/null
+++ b/objects/vulnerability/vulnerability--01827e2f-4620-49cc-977b-6345f3efcd87.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--11e2aebf-1e22-43b1-9ade-3c1a12b4b7f8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--01827e2f-4620-49cc-977b-6345f3efcd87",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.960074Z",
+ "modified": "2024-12-30T00:22:03.960074Z",
+ "name": "CVE-2024-13006",
+ "description": "A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13006"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--026cc885-2a79-4e27-9c79-43aa5ba5e260.json b/objects/vulnerability/vulnerability--026cc885-2a79-4e27-9c79-43aa5ba5e260.json
new file mode 100644
index 00000000000..3d4eb3f5a7f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--026cc885-2a79-4e27-9c79-43aa5ba5e260.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a64c0c3-63d3-45ea-ba41-be199c6ee115", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--026cc885-2a79-4e27-9c79-43aa5ba5e260", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.491482Z", + "modified": "2024-12-30T00:22:03.491482Z", + "name": "CVE-2024-56636", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: do not assume mac header is set in geneve_xmit_skb()\n\nWe should not assume mac header is set in output path.\n\nUse skb_eth_hdr() instead of eth_hdr() to fix the issue.\n\nsysbot reported the following :\n\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h:3052 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 eth_hdr include/linux/if_ether.h:24 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit_skb drivers/net/geneve.c:898 [inline]\n WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039\nModules linked in:\nCPU: 0 UID: 0 PID: 11635 Comm: syz.4.1423 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_mac_header include/linux/skbuff.h:3052 [inline]\n RIP: 0010:eth_hdr include/linux/if_ether.h:24 [inline]\n RIP: 0010:geneve_xmit_skb drivers/net/geneve.c:898 [inline]\n RIP: 0010:geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039\nCode: 21 c6 02 e9 35 d4 ff ff e8 a5 48 4c fb 90 0f 0b 90 e9 fd f5 ff ff e8 97 48 4c fb 90 0f 0b 90 e9 d8 f5 ff ff e8 89 48 4c fb 90 <0f> 0b 90 e9 41 e4 ff ff e8 7b 48 4c fb 90 0f 0b 90 e9 cd e7 ff ff\nRSP: 0018:ffffc90003b2f870 EFLAGS: 00010283\nRAX: 000000000000037a RBX: 000000000000ffff RCX: ffffc9000dc3d000\nRDX: 0000000000080000 RSI: ffffffff86428417 RDI: 0000000000000003\nRBP: 
ffffc90003b2f9f0 R08: 0000000000000003 R09: 000000000000ffff\nR10: 000000000000ffff R11: 0000000000000002 R12: ffff88806603c000\nR13: 0000000000000000 R14: ffff8880685b2780 R15: 0000000000000e23\nFS: 00007fdc2deed6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b30a1dff8 CR3: 0000000056b8c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n __dev_direct_xmit+0x58a/0x720 net/core/dev.c:4490\n dev_direct_xmit include/linux/netdevice.h:3181 [inline]\n packet_xmit+0x1e4/0x360 net/packet/af_packet.c:285\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x2700/0x5660 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg net/socket.c:726 [inline]\n __sys_sendto+0x488/0x4f0 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--032bc7e8-033a-4d8c-a5e5-ac0eefcab182.json b/objects/vulnerability/vulnerability--032bc7e8-033a-4d8c-a5e5-ac0eefcab182.json new file mode 100644 index 00000000000..fb91ae596b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--032bc7e8-033a-4d8c-a5e5-ac0eefcab182.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c170011d-2c39-4d32-b4f1-3ba3ce89727a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--032bc7e8-033a-4d8c-a5e5-ac0eefcab182", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.47105Z", + "modified": "2024-12-30T00:22:03.47105Z", + "name": "CVE-2024-56559", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation\n\nWhen compiling kernel source 'make -j $(nproc)' with the up-and-running\nKASAN-enabled kernel on a 256-core machine, the following soft lockup is\nshown:\n\nwatchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760]\nCPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95\nWorkqueue: events drain_vmap_area_work\nRIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0\nCode: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75\nRSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202\nRAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949\nRDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50\nRBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800\nR10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39\nR13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003\nFS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0\nCall Trace:\n \n ? watchdog_timer_fn+0x2cd/0x390\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x300/0x6d0\n ? sched_clock_cpu+0x69/0x4e0\n ? __pfx___hrtimer_run_queues+0x10/0x10\n ? 
srso_return_thunk+0x5/0x5f\n ? ktime_get_update_offsets_now+0x7f/0x2a0\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? hrtimer_interrupt+0x2ca/0x760\n ? __sysvec_apic_timer_interrupt+0x8c/0x2b0\n ? sysvec_apic_timer_interrupt+0x6a/0x90\n \n \n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? smp_call_function_many_cond+0x1d8/0xbb0\n ? __pfx_do_kernel_range_flush+0x10/0x10\n on_each_cpu_cond_mask+0x20/0x40\n flush_tlb_kernel_range+0x19b/0x250\n ? srso_return_thunk+0x5/0x5f\n ? kasan_release_vmalloc+0xa7/0xc0\n purge_vmap_node+0x357/0x820\n ? __pfx_purge_vmap_node+0x10/0x10\n __purge_vmap_area_lazy+0x5b8/0xa10\n drain_vmap_area_work+0x21/0x30\n process_one_work+0x661/0x10b0\n worker_thread+0x844/0x10e0\n ? srso_return_thunk+0x5/0x5f\n ? __kthread_parkme+0x82/0x140\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2a5/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nDebugging Analysis:\n\n 1. The following ftrace log shows that the lockup CPU spends too much\n time iterating vmap_nodes and flushing TLB when purging vm_area\n structures. (Some info is trimmed).\n\n kworker: funcgraph_entry: | drain_vmap_area_work() {\n kworker: funcgraph_entry: | mutex_lock() {\n kworker: funcgraph_entry: 1.092 us | __cond_resched();\n kworker: funcgraph_exit: 3.306 us | }\n ... ...\n kworker: funcgraph_entry: | flush_tlb_kernel_range() {\n ... ...\n kworker: funcgraph_exit: # 7533.649 us | }\n ... 
...\n kworker: funcgraph_entry: 2.344 us | mutex_unlock();\n kworker: funcgraph_exit: $ 23871554 us | }\n\n The drain_vmap_area_work() spends over 23 seconds.\n\n There are 2805 flush_tlb_kernel_range() calls in the ftrace log.\n * One is called in __purge_vmap_area_lazy().\n * Others are called by purge_vmap_node->kasan_release_vmalloc.\n purge_vmap_node() iteratively releases kasan vmalloc\n allocations and flushes TLB for each vmap_area.\n - [Rough calculation] Each flush_tlb_kernel_range() runs\n about 7.5ms.\n -- 2804 * 7.5ms = 21.03 seconds.\n -- That's why a soft lock is triggered.\n\n 2. Extending the soft lockup time can work around the issue (For example,\n # echo\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56559" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--032fbc4f-d4cf-49a4-b5d3-1658fc62809b.json b/objects/vulnerability/vulnerability--032fbc4f-d4cf-49a4-b5d3-1658fc62809b.json new file mode 100644 index 00000000000..e0cf94ca0b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--032fbc4f-d4cf-49a4-b5d3-1658fc62809b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ed5c7b5-34ce-4539-af0f-0ee9d2195f8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--032fbc4f-d4cf-49a4-b5d3-1658fc62809b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.440291Z", + "modified": "2024-12-30T00:22:03.440291Z", + "name": "CVE-2024-56596", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix array-index-out-of-bounds in jfs_readdir\n\nThe stbl might contain some invalid values. Added a check to\nreturn error code in that case.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56596" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--03e4bcda-abe3-4cd3-95df-49aa95edc844.json b/objects/vulnerability/vulnerability--03e4bcda-abe3-4cd3-95df-49aa95edc844.json
new file mode 100644
index 00000000000..43387f97faa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--03e4bcda-abe3-4cd3-95df-49aa95edc844.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e3b45e4-a08e-46a2-b43d-64e8966b2dc8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03e4bcda-abe3-4cd3-95df-49aa95edc844", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.43415Z", + "modified": "2024-12-30T00:22:03.43415Z", + "name": "CVE-2024-56553", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix memleak of proc->delivered_freeze\n\nIf a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION\nbefore calling binder_freeze_notification_done(), then it is detached\nfrom its reference (e.g. ref->freeze) but the work remains queued in\nproc->delivered_freeze. This leads to a memory leak when the process\nexits as any pending entries in proc->delivered_freeze are not freed:\n\n unreferenced object 0xffff38e8cfa36180 (size 64):\n comm \"binder-util\", pid 655, jiffies 4294936641\n hex dump (first 32 bytes):\n b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8..\n 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K.....\n backtrace (crc 95983b32):\n [<000000000d0582cf>] kmemleak_alloc+0x34/0x40\n [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280\n [<00000000313b1704>] binder_thread_write+0xdec/0x439c\n [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc\n [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190\n [<00000000b439adee>] invoke_syscall+0x6c/0x254\n [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230\n [<0000000084f72311>] do_el0_svc+0x40/0x58\n [<000000008b872457>] el0_svc+0x38/0x78\n [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c\n [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194\n\nThis patch fixes the leak by ensuring that any pending entries in\nproc->delivered_freeze are freed during binder_deferred_release().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56553" + } + 
] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04a3c6ca-80f2-4270-bb4a-7f6ff69e3e3e.json b/objects/vulnerability/vulnerability--04a3c6ca-80f2-4270-bb4a-7f6ff69e3e3e.json new file mode 100644 index 00000000000..b3da68b1835 --- /dev/null +++ b/objects/vulnerability/vulnerability--04a3c6ca-80f2-4270-bb4a-7f6ff69e3e3e.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cf47c7b1-94c3-4d35-ab51-2a94f1b95288",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--04a3c6ca-80f2-4270-bb4a-7f6ff69e3e3e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.574714Z",
+ "modified": "2024-12-30T00:22:03.574714Z",
+ "name": "CVE-2024-56701",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n # echo 1 > /proc/powerpc/vcpudispatch_stats\n BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n preempt_count: 1, expected: 0\n 3 locks held by sh/199:\n #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n Call Trace:\n dump_stack_lvl+0x130/0x148 (unreliable)\n __might_resched+0x174/0x410\n kmem_cache_alloc_noprof+0x340/0x3d0\n alloc_dtl_buffers+0x124/0x1ac\n vcpudispatch_stats_write+0x2a8/0x5f4\n proc_reg_write+0xf4/0x150\n vfs_write+0xfc/0x438\n ksys_write+0x88/0x148\n system_call_exception+0x1c4/0x5a0\n system_call_common+0xf4/0x258",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56701"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--04d1e158-bf68-4c7a-bdf2-17e6e78a9e96.json b/objects/vulnerability/vulnerability--04d1e158-bf68-4c7a-bdf2-17e6e78a9e96.json
new file mode 100644
index 00000000000..92ff1bbc2af
--- /dev/null
+++ b/objects/vulnerability/vulnerability--04d1e158-bf68-4c7a-bdf2-17e6e78a9e96.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--49f04703-9563-4dd9-a53d-c7b656f3cd40",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--04d1e158-bf68-4c7a-bdf2-17e6e78a9e96",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:11.954583Z",
+ "modified": "2024-12-30T00:22:11.954583Z",
+ "name": "CVE-2023-7263",
+ "description": "Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7263",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-7263"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--05b8bf73-0688-4971-835b-2a481b03cafc.json b/objects/vulnerability/vulnerability--05b8bf73-0688-4971-835b-2a481b03cafc.json
new file mode 100644
index 00000000000..27098696336
--- /dev/null
+++ b/objects/vulnerability/vulnerability--05b8bf73-0688-4971-835b-2a481b03cafc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--69ac6ef8-0fa6-4a13-a996-f6b5f5cc2d16",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--05b8bf73-0688-4971-835b-2a481b03cafc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.953128Z",
+ "modified": "2024-12-30T00:22:03.953128Z",
+ "name": "CVE-2024-13005",
+ "description": "A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/attendance_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13005"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--06304a7b-4840-4152-91a3-045b808be4c7.json b/objects/vulnerability/vulnerability--06304a7b-4840-4152-91a3-045b808be4c7.json
new file mode 100644
index 00000000000..855a3af2c4f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--06304a7b-4840-4152-91a3-045b808be4c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ca33f17-6e7e-46a2-9568-ca80dedf1661",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--06304a7b-4840-4152-91a3-045b808be4c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.887322Z",
+ "modified": "2024-12-30T00:22:16.887322Z",
+ "name": "CVE-2020-9253",
+ "description": "There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9253"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0654e9b4-809c-4e06-94d4-6812540be326.json b/objects/vulnerability/vulnerability--0654e9b4-809c-4e06-94d4-6812540be326.json
new file mode 100644
index 00000000000..d78e39970e9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0654e9b4-809c-4e06-94d4-6812540be326.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33511414-7429-4485-b9eb-8cb2e08939e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0654e9b4-809c-4e06-94d4-6812540be326", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.539196Z", + "modified": "2024-12-30T00:22:03.539196Z", + "name": "CVE-2024-56587", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: class: Protect brightness_show() with led_cdev->led_access mutex\n\nThere is NULL pointer issue observed if from Process A where hid device\nbeing added which results in adding a led_cdev addition and later a\nanother call to access of led_cdev attribute from Process B can result\nin NULL pointer issue.\n\nUse mutex led_cdev->led_access to protect access to led->cdev and its\nattribute inside brightness_show() and max_brightness_show() and also\nupdate the comment for mutex that it should be used to protect the led\nclass device fields.\n\n\tProcess A \t\t\t\tProcess B\n\n kthread+0x114\n worker_thread+0x244\n process_scheduled_works+0x248\n uhid_device_add_worker+0x24\n hid_add_device+0x120\n device_add+0x268\n bus_probe_device+0x94\n device_initial_probe+0x14\n __device_attach+0xfc\n bus_for_each_drv+0x10c\n __device_attach_driver+0x14c\n driver_probe_device+0x3c\n __driver_probe_device+0xa0\n really_probe+0x190\n hid_device_probe+0x130\n ps_probe+0x990\n ps_led_register+0x94\n devm_led_classdev_register_ext+0x58\n led_classdev_register_ext+0x1f8\n device_create_with_groups+0x48\n device_create_groups_vargs+0xc8\n device_add+0x244\n kobject_uevent+0x14\n kobject_uevent_env[jt]+0x224\n mutex_unlock[jt]+0xc4\n __mutex_unlock_slowpath+0xd4\n wake_up_q+0x70\n try_to_wake_up[jt]+0x48c\n preempt_schedule_common+0x28\n __schedule+0x628\n 
__switch_to+0x174\n\t\t\t\t\t\tel0t_64_sync+0x1a8/0x1ac\n\t\t\t\t\t\tel0t_64_sync_handler+0x68/0xbc\n\t\t\t\t\t\tel0_svc+0x38/0x68\n\t\t\t\t\t\tdo_el0_svc+0x1c/0x28\n\t\t\t\t\t\tel0_svc_common+0x80/0xe0\n\t\t\t\t\t\tinvoke_syscall+0x58/0x114\n\t\t\t\t\t\t__arm64_sys_read+0x1c/0x2c\n\t\t\t\t\t\tksys_read+0x78/0xe8\n\t\t\t\t\t\tvfs_read+0x1e0/0x2c8\n\t\t\t\t\t\tkernfs_fop_read_iter+0x68/0x1b4\n\t\t\t\t\t\tseq_read_iter+0x158/0x4ec\n\t\t\t\t\t\tkernfs_seq_show+0x44/0x54\n\t\t\t\t\t\tsysfs_kf_seq_show+0xb4/0x130\n\t\t\t\t\t\tdev_attr_show+0x38/0x74\n\t\t\t\t\t\tbrightness_show+0x20/0x4c\n\t\t\t\t\t\tdualshock4_led_get_brightness+0xc/0x74\n\n[ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060\n[ 3313.874301][ T4013] Mem abort info:\n[ 3313.874303][ T4013] ESR = 0x0000000096000006\n[ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 3313.874307][ T4013] SET = 0, FnV = 0\n[ 3313.874309][ T4013] EA = 0, S1PTW = 0\n[ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault\n[ 3313.874313][ T4013] Data abort info:\n[ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000\n..\n\n[ 3313.874332][ T4013] Dumping ftrace buffer:\n[ 3313.874334][ T4013] (ftrace buffer empty)\n..\n..\n[ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader\n[ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60\n[ 3313.874656][ T4013] sp : ffffffc0b910bbd0\n..\n..\n[ 3313.874685][ T4013] Call trace:\n[ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74\n[ 3313.874690][ T4013] brightness_show+0x20/0x4c\n[ 3313.874692][ T4013] dev_attr_show+0x38/0x74\n[ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130\n[ 3313.874700][ 
T4013] kernfs_seq_show+0x44/0x54\n[ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec\n[ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4\n[ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8\n[ 3313.874711][ T4013] ksys_read+0x78/0xe8\n[ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c\n[ 3313.874718][ T4013] invoke_syscall+0x58/0x114\n[ 3313.874721][ T4013] el0_svc_common+0x80/0xe0\n[ 3313.874724][ T4013] do_el0_svc+0x1c/0x28\n[ 3313.874727][ T4013] el0_svc+0x38/0x68\n[ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc\n[ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56587" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06879b80-2635-48ed-9ee8-b053e3fa5fb6.json b/objects/vulnerability/vulnerability--06879b80-2635-48ed-9ee8-b053e3fa5fb6.json new file mode 100644 index 00000000000..789769a5562 --- /dev/null +++ b/objects/vulnerability/vulnerability--06879b80-2635-48ed-9ee8-b053e3fa5fb6.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6ef3d46c-c57a-4578-93bc-98ad2531242e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--06879b80-2635-48ed-9ee8-b053e3fa5fb6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.438328Z",
+ "modified": "2024-12-30T00:22:03.438328Z",
+ "name": "CVE-2024-56683",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: hdmi: Avoid hang with debug registers when suspended\n\nTrying to read /sys/kernel/debug/dri/1/hdmi1_regs\nwhen the hdmi is disconnected results in a fatal system hang.\n\nThis is due to the pm suspend code disabling the dvp clock.\nThat is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG,\nwhich results in accesses hanging AXI bus.\n\nProtect against this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56683"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0723d1f5-5d29-4646-9342-3858f5899e92.json b/objects/vulnerability/vulnerability--0723d1f5-5d29-4646-9342-3858f5899e92.json
new file mode 100644
index 00000000000..fc09025d8db
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0723d1f5-5d29-4646-9342-3858f5899e92.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ddd87900-dbaa-476d-ba2a-2c470c07e624",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0723d1f5-5d29-4646-9342-3858f5899e92",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.594687Z",
+ "modified": "2024-12-30T00:22:03.594687Z",
+ "name": "CVE-2024-56625",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: dev: can_set_termination(): allow sleeping GPIOs\n\nIn commit 6e86a1543c37 (\"can: dev: provide optional GPIO based\ntermination support\") GPIO based termination support was added.\n\nFor no particular reason that patch uses gpiod_set_value() to set the\nGPIO. This leads to the following warning, if the systems uses a\nsleeping GPIO, i.e. behind an I2C port expander:\n\n| WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c\n| CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c\n\nReplace gpiod_set_value() by gpiod_set_value_cansleep() to allow the\nuse of sleeping GPIOs.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56625"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--080f3ab8-5bdd-47a1-b3c7-6f1e4ce15aa4.json b/objects/vulnerability/vulnerability--080f3ab8-5bdd-47a1-b3c7-6f1e4ce15aa4.json
new file mode 100644
index 00000000000..9c16a32ddeb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--080f3ab8-5bdd-47a1-b3c7-6f1e4ce15aa4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--abdf9c2d-2f12-4dbf-9143-c536df8e4e32",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--080f3ab8-5bdd-47a1-b3c7-6f1e4ce15aa4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.577956Z",
+ "modified": "2024-12-30T00:22:03.577956Z",
+ "name": "CVE-2024-56676",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: testing: Initialize some variables annoteded with _free()\n\nVariables annotated with __free() need to be initialized if the function\ncan return before they get updated for the first time or the attempt to\nfree the memory pointed to by them upon function return may crash the\nkernel.\n\nFix this issue in some places in the thermal testing code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56676"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--08843908-699b-4c4b-b211-f41355f3004f.json b/objects/vulnerability/vulnerability--08843908-699b-4c4b-b211-f41355f3004f.json
new file mode 100644
index 00000000000..72486a03eae
--- /dev/null
+++ b/objects/vulnerability/vulnerability--08843908-699b-4c4b-b211-f41355f3004f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d15758a2-cc73-4fb0-b043-8e3c2fb82408",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--08843908-699b-4c4b-b211-f41355f3004f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.417754Z",
+ "modified": "2024-12-30T00:22:02.417754Z",
+ "name": "CVE-2024-53218",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix race in concurrent f2fs_stop_gc_thread\n\nIn my test case, concurrent calls to f2fs shutdown report the following\nstack trace:\n\n Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85\n Call Trace:\n \n ? show_regs+0x8b/0xa0\n ? __die_body+0x26/0xa0\n ? die_addr+0x54/0x90\n ? exc_general_protection+0x24b/0x5c0\n ? asm_exc_general_protection+0x26/0x30\n ? 
kthread_stop+0x46/0x390\n f2fs_stop_gc_thread+0x6c/0x110\n f2fs_do_shutdown+0x309/0x3a0\n f2fs_ioc_shutdown+0x150/0x1c0\n __f2fs_ioctl+0xffd/0x2ac0\n f2fs_ioctl+0x76/0xe0\n vfs_ioctl+0x23/0x60\n __x64_sys_ioctl+0xce/0xf0\n x64_sys_call+0x2b1b/0x4540\n do_syscall_64+0xa7/0x240\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is a race condition in f2fs_stop_gc_thread() called from\ndifferent f2fs shutdown paths:\n\n [CPU0] [CPU1]\n ---------------------- -----------------------\n f2fs_stop_gc_thread f2fs_stop_gc_thread\n gc_th = sbi->gc_thread\n gc_th = sbi->gc_thread\n kfree(gc_th)\n sbi->gc_thread = NULL\n < gc_th != NULL >\n kthread_stop(gc_th->f2fs_gc_task) //UAF\n\nThe commit c7f114d864ac (\"f2fs: fix to avoid use-after-free in\nf2fs_stop_gc_thread()\") attempted to fix this issue by using a read\nsemaphore to prevent races between shutdown and remount threads, but\nit fails to prevent all race conditions.\n\nFix it by converting to write lock of s_umount in f2fs_do_shutdown().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53218"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--08f51825-e1b8-471f-9fe8-29c82ce42652.json b/objects/vulnerability/vulnerability--08f51825-e1b8-471f-9fe8-29c82ce42652.json
new file mode 100644
index 00000000000..8397ef79493
--- /dev/null
+++ b/objects/vulnerability/vulnerability--08f51825-e1b8-471f-9fe8-29c82ce42652.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--52cb1c98-2161-465f-baf8-638cb7296e09",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--08f51825-e1b8-471f-9fe8-29c82ce42652",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.440071Z",
+ "modified": "2024-12-30T00:22:02.440071Z",
+ "name": "CVE-2024-53215",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsvcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()\n\nThere's issue as follows:\nRPC: Registered rdma transport module.\nRPC: Registered rdma backchannel transport module.\nRPC: Unregistered rdma transport module.\nRPC: Unregistered rdma backchannel transport module.\nBUG: unable to handle page fault for address: fffffbfff80c609a\nPGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nRIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0\nCall Trace:\n \n __die+0x1f/0x70\n page_fault_oops+0x2cd/0x860\n spurious_kernel_fault+0x36/0x450\n do_kern_addr_fault+0xca/0x100\n exc_page_fault+0x128/0x150\n asm_exc_page_fault+0x26/0x30\n percpu_counter_destroy_many+0xf7/0x2a0\n mmdrop+0x209/0x350\n finish_task_switch.isra.0+0x481/0x840\n schedule_tail+0xe/0xd0\n ret_from_fork+0x23/0x80\n ret_from_fork_asm+0x1a/0x30\n \n\nIf register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not\ndestroy the percpu counters which init in svc_rdma_proc_init().\nIf CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the\n'percpu_counters' list. The above issue may occur once the module is\nremoved. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory\nleakage occurs.\nTo solve above issue just destroy all percpu counters when\nregister_sysctl() return NULL.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53215"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c415ade-3ade-442b-97f9-fa627e210463.json b/objects/vulnerability/vulnerability--0c415ade-3ade-442b-97f9-fa627e210463.json
new file mode 100644
index 00000000000..8ddf0b3e267
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c415ade-3ade-442b-97f9-fa627e210463.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc0c789f-6884-4d0e-88ff-1b1a05156fd2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c415ade-3ade-442b-97f9-fa627e210463",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.376448Z",
+ "modified": "2024-12-30T00:22:03.376448Z",
+ "name": "CVE-2024-56564",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: pass cred pointer to ceph_mds_auth_match()\n\nThis eliminates a redundant get_current_cred() call, because\nceph_mds_check_access() has already obtained this pointer.\n\nAs a side effect, this also fixes a reference leak in\nceph_mds_auth_match(): by omitting the get_current_cred() call, no\nadditional cred reference is taken.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56564"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c437a77-8eff-4a50-b31b-74b35d452d09.json b/objects/vulnerability/vulnerability--0c437a77-8eff-4a50-b31b-74b35d452d09.json
new file mode 100644
index 00000000000..09c888126a8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c437a77-8eff-4a50-b31b-74b35d452d09.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--12429869-3dbb-4ab3-a4d2-978ee1848f30",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c437a77-8eff-4a50-b31b-74b35d452d09",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.438496Z",
+ "modified": "2024-12-30T00:22:02.438496Z",
+ "name": "CVE-2024-53238",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: adjust the position to init iso data anchor\n\nMediaTek iso data anchor init should be moved to where MediaTek\nclaims iso data interface.\nIf there is an unexpected BT usb disconnect during setup flow,\nit will cause a NULL pointer crash issue when releasing iso\nanchor since the anchor wasn't been init yet. Adjust the position\nto do iso data anchor init.\n\n[ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168\n[ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168\n[ 17.137999] sp : ffffffc0890cb5f0\n[ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80\n[ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines\n[ 17.148421] x27: 0000000000000000\n[ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0\n[ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001\n[ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000\n[ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000\n[ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001\n[ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001\n[ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000\n[ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011\n[ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588\n[ 17.268404] Call trace:\n[ 17.270841] usb_kill_anchored_urbs+0x60/0x168\n[ 17.275274] 
btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)]\n[ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)]\n[ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)]\n[ 17.300818] usb_unbind_interface+0xc4/0x240\n[ 17.305079] device_release_driver_internal+0x18c/0x258\n[ 17.310296] device_release_driver+0x1c/0x30\n[ 17.314557] bus_remove_device+0x140/0x160\n[ 17.318643] device_del+0x1c0/0x330\n[ 17.322121] usb_disable_device+0x80/0x180\n[ 17.326207] usb_disconnect+0xec/0x300\n[ 17.329948] hub_quiesce+0x80/0xd0\n[ 17.333339] hub_disconnect+0x44/0x190\n[ 17.337078] usb_unbind_interface+0xc4/0x240\n[ 17.341337] device_release_driver_internal+0x18c/0x258\n[ 17.346551] device_release_driver+0x1c/0x30\n[ 17.350810] usb_driver_release_interface+0x70/0x88\n[ 17.355677] proc_ioctl+0x13c/0x228\n[ 17.359157] proc_ioctl_default+0x50/0x80\n[ 17.363155] usbdev_ioctl+0x830/0xd08\n[ 17.366808] __arm64_sys_ioctl+0x94/0xd0\n[ 17.370723] invoke_syscall+0x6c/0xf8\n[ 17.374377] el0_svc_common+0x84/0xe0\n[ 17.378030] do_el0_svc+0x20/0x30\n[ 17.381334] el0_svc+0x34/0x60\n[ 17.384382] el0t_64_sync_handler+0x88/0xf0\n[ 17.388554] el0t_64_sync+0x180/0x188\n[ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288)\n[ 17.398289] ---[ end trace 0000000000000000 ]---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53238"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0c5adf6f-47ba-453b-bcc4-22d46b1a9c3e.json b/objects/vulnerability/vulnerability--0c5adf6f-47ba-453b-bcc4-22d46b1a9c3e.json
new file mode 100644
index 00000000000..3b6f1ac2348
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0c5adf6f-47ba-453b-bcc4-22d46b1a9c3e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5eea6987-fbdc-42ee-94b2-82752716ae8e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0c5adf6f-47ba-453b-bcc4-22d46b1a9c3e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.455868Z",
+ "modified": "2024-12-30T00:22:02.455868Z",
+ "name": "CVE-2024-53173",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.0: Fix a use-after-free problem in the asynchronous open()\n\nYang Erkun reports that when two threads are opening files at the same\ntime, and are forced to abort before a reply is seen, then the call to\nnfs_release_seqid() in nfs4_opendata_free() can result in a\nuse-after-free of the pointer to the defunct rpc task of the other\nthread.\nThe fix is to ensure that if the RPC call is aborted before the call to\nnfs_wait_on_sequence() is complete, then we must call nfs_release_seqid()\nin nfs4_open_release() before the rpc_task is freed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53173"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--10760bd2-3d97-499a-974a-f7a99f665018.json b/objects/vulnerability/vulnerability--10760bd2-3d97-499a-974a-f7a99f665018.json
new file mode 100644
index 00000000000..7dfcf7b84e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--10760bd2-3d97-499a-974a-f7a99f665018.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--247f85e7-e939-4da3-aa4b-72158890a88f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10760bd2-3d97-499a-974a-f7a99f665018", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.611014Z", + "modified": "2024-12-30T00:22:03.611014Z", + "name": "CVE-2024-56551", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix usage slab after free\n\n[ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147\n\n[ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1\n[ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020\n[ +0.000016] Call Trace:\n[ +0.000008] \n[ +0.000009] dump_stack_lvl+0x76/0xa0\n[ +0.000017] print_report+0xce/0x5f0\n[ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] ? srso_return_thunk+0x5/0x5f\n[ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200\n[ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000019] kasan_report+0xbe/0x110\n[ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000023] __asan_report_load8_noabort+0x14/0x30\n[ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched]\n[ +0.000020] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? enable_work+0x124/0x220\n[ +0.000015] ? __pfx_enable_work+0x10/0x10\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? 
free_large_kmalloc+0x85/0xf0\n[ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched]\n[ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu]\n[ +0.000735] ? __kasan_check_read+0x11/0x20\n[ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu]\n[ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu]\n[ +0.000679] ? mutex_unlock+0x80/0xe0\n[ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu]\n[ +0.000662] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? __kasan_check_write+0x14/0x30\n[ +0.000013] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? mutex_unlock+0x80/0xe0\n[ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu]\n[ +0.000663] drm_minor_release+0xc9/0x140 [drm]\n[ +0.000081] drm_release+0x1fd/0x390 [drm]\n[ +0.000082] __fput+0x36c/0xad0\n[ +0.000018] __fput_sync+0x3c/0x50\n[ +0.000014] __x64_sys_close+0x7d/0xe0\n[ +0.000014] x64_sys_call+0x1bc6/0x2680\n[ +0.000014] do_syscall_64+0x70/0x130\n[ +0.000014] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190\n[ +0.000015] ? srso_return_thunk+0x5/0x5f\n[ +0.000014] ? irqentry_exit+0x43/0x50\n[ +0.000012] ? srso_return_thunk+0x5/0x5f\n[ +0.000013] ? 
exc_page_fault+0x7c/0x110\n[ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ +0.000014] RIP: 0033:0x7ffff7b14f67\n[ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff\n[ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003\n[ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67\n[ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003\n[ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000\n[ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8\n[ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040\n[ +0.000020] \n\n[ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s:\n[ +0.000014] kasan_save_stack+0x28/0x60\n[ +0.000008] kasan_save_track+0x18/0x70\n[ +0.000007] kasan_save_alloc_info+0x38/0x60\n[ +0.000007] __kasan_kmalloc+0xc1/0xd0\n[ +0.000007] kmalloc_trace_noprof+0x180/0x380\n[ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched]\n[ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu]\n[ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu]\n[ +0.000662] amdgpu_pci_p\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56551" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11b3530c-aa69-4967-985b-efb0f51eb60a.json b/objects/vulnerability/vulnerability--11b3530c-aa69-4967-985b-efb0f51eb60a.json new file mode 100644 index 00000000000..d8d7a474913 --- /dev/null +++ b/objects/vulnerability/vulnerability--11b3530c-aa69-4967-985b-efb0f51eb60a.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--89cecdfb-02a0-4bc1-9219-cb29e9a6ce06",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--11b3530c-aa69-4967-985b-efb0f51eb60a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.506408Z",
+ "modified": "2024-12-30T00:22:03.506408Z",
+ "name": "CVE-2024-56678",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm/fault: Fix kfence page fault reporting\n\ncopy_from_kernel_nofault() can be called when doing read of /proc/kcore.\n/proc/kcore can have some unmapped kfence objects which when read via\ncopy_from_kernel_nofault() can cause page faults. Since *_nofault()\nfunctions define their own fixup table for handling fault, use that\ninstead of asking kfence to handle such faults.\n\nHence we search the exception tables for the nip which generated the\nfault. If there is an entry then we let the fixup table handler handle the\npage fault by returning an error from within ___do_page_fault().\n\nThis can be easily triggered if someone tries to do dd from /proc/kcore.\neg. 
dd if=/proc/kcore of=/dev/null bs=1M\n\nSome example false negatives:\n\n ===============================\n BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0\n Invalid read at 0xc0000000fdff0000:\n copy_from_kernel_nofault+0x9c/0x1a0\n 0xc00000000665f950\n read_kcore_iter+0x57c/0xa04\n proc_reg_read_iter+0xe4/0x16c\n vfs_read+0x320/0x3ec\n ksys_read+0x90/0x154\n system_call_exception+0x120/0x310\n system_call_vectored_common+0x15c/0x2ec\n\n BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0\n Use-after-free read at 0xc0000000fe050000 (in kfence-#2):\n copy_from_kernel_nofault+0x9c/0x1a0\n 0xc00000000665f950\n read_kcore_iter+0x57c/0xa04\n proc_reg_read_iter+0xe4/0x16c\n vfs_read+0x320/0x3ec\n ksys_read+0x90/0x154\n system_call_exception+0x120/0x310\n system_call_vectored_common+0x15c/0x2ec",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56678"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--11b7743f-ec5f-441e-9ee5-db290d64ea4a.json b/objects/vulnerability/vulnerability--11b7743f-ec5f-441e-9ee5-db290d64ea4a.json
new file mode 100644
index 00000000000..3f7e2c70db5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--11b7743f-ec5f-441e-9ee5-db290d64ea4a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--70b2ed38-5de2-4990-a52f-ae55ce231c76",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--11b7743f-ec5f-441e-9ee5-db290d64ea4a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.571527Z",
+ "modified": "2024-12-30T00:22:03.571527Z",
+ "name": "CVE-2024-56605",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()\n\nbt_sock_alloc() allocates the sk object and attaches it to the provided\nsock object. On error l2cap_sock_alloc() frees the sk object, but the\ndangling pointer is still attached to the sock object, which may create\nuse-after-free in other code.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56605"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--11bda91c-6f5f-48de-b267-27709e593d95.json b/objects/vulnerability/vulnerability--11bda91c-6f5f-48de-b267-27709e593d95.json
new file mode 100644
index 00000000000..c1a9f7a8dd2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--11bda91c-6f5f-48de-b267-27709e593d95.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d79225-3eed-4552-96b9-7e06c41ccfc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11bda91c-6f5f-48de-b267-27709e593d95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.607783Z", + "modified": "2024-12-30T00:22:03.607783Z", + "name": "CVE-2024-56548", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don't query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[ 419.944641] ==================================================================\n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[ 419.947612]\n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 419.950035] Call Trace:\n[ 419.950384] \n[ 419.950676] dump_stack_lvl+0x57/0x78\n[ 419.951212] ? 
hfsplus_read_wrapper+0x659/0xa0a\n[ 419.951830] print_report+0x14c/0x49e\n[ 419.952361] ? __virt_addr_valid+0x267/0x278\n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d\n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.954231] kasan_report+0x89/0xb0\n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a\n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9\n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e\n[ 419.957772] hfsplus_fill_super+0x348/0x1590\n[ 419.958355] ? hlock_class+0x4c/0x109\n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.959499] ? __pfx_string+0x10/0x10\n[ 419.960006] ? lock_acquire+0x3e2/0x454\n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243\n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10\n[ 419.961799] ? pointer+0x3f0/0x62f\n[ 419.962277] ? __pfx_pointer+0x10/0x10\n[ 419.962761] ? vsnprintf+0x6c4/0xfba\n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10\n[ 419.963621] ? setup_bdev_super+0x376/0x3b3\n[ 419.964029] ? snprintf+0x9d/0xd2\n[ 419.964344] ? __pfx_snprintf+0x10/0x10\n[ 419.964675] ? lock_acquired+0x45c/0x5e9\n[ 419.965016] ? set_blocksize+0x139/0x1c1\n[ 419.965381] ? sb_set_blocksize+0x6d/0xae\n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10\n[ 419.966179] mount_bdev+0x12f/0x1bf\n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10\n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111\n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10\n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10\n[ 419.968073] legacy_get_tree+0x104/0x178\n[ 419.968414] vfs_get_tree+0x86/0x296\n[ 419.968751] path_mount+0xba3/0xd0b\n[ 419.969157] ? __pfx_path_mount+0x10/0x10\n[ 419.969594] ? kmem_cache_free+0x1e2/0x260\n[ 419.970311] do_mount+0x99/0xe0\n[ 419.970630] ? 
__pfx_do_mount+0x10/0x10\n[ 419.971008] __do_sys_mount+0x199/0x1c9\n[ 419.971397] do_syscall_64+0xd0/0x135\n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 419.972233] RIP: 0033:0x7c3cb812972e\n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56548" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1207b6d9-197b-48d6-95a6-816d2c0d43d3.json b/objects/vulnerability/vulnerability--1207b6d9-197b-48d6-95a6-816d2c0d43d3.json new file mode 100644 index 00000000000..19f6b51ff4a --- /dev/null +++ b/objects/vulnerability/vulnerability--1207b6d9-197b-48d6-95a6-816d2c0d43d3.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--eeee16e4-8102-4bf0-b3a7-8e4339a385fb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1207b6d9-197b-48d6-95a6-816d2c0d43d3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.454111Z",
+ "modified": "2024-12-30T00:22:02.454111Z",
+ "name": "CVE-2024-53164",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53164"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1227ad00-de37-4fac-a48e-2bde887a30c8.json b/objects/vulnerability/vulnerability--1227ad00-de37-4fac-a48e-2bde887a30c8.json
new file mode 100644
index 00000000000..80c8f551f1a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1227ad00-de37-4fac-a48e-2bde887a30c8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--722466cf-996c-422a-8a50-d8e168e7613d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1227ad00-de37-4fac-a48e-2bde887a30c8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:01.580012Z",
+ "modified": "2024-12-30T00:22:01.580012Z",
+ "name": "CVE-2024-12981",
+ "description": "A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12981"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--12bbd1c6-91be-4a81-ad12-0273a6379e20.json b/objects/vulnerability/vulnerability--12bbd1c6-91be-4a81-ad12-0273a6379e20.json
new file mode 100644
index 00000000000..5ba4da71f0a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--12bbd1c6-91be-4a81-ad12-0273a6379e20.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ad47a5a-d6a2-4128-910f-12e9c5da7f3f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--12bbd1c6-91be-4a81-ad12-0273a6379e20",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.59273Z",
+ "modified": "2024-12-30T00:22:03.59273Z",
+ "name": "CVE-2024-56643",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: Fix memory leak in dccp_feat_change_recv\n\nIf dccp_feat_push_confirm() fails after new value for SP feature was accepted\nwithout reconciliation ('entry == NULL' branch), memory allocated for that value\nwith dccp_feat_clone_sp_val() is never freed.\n\nHere is the kmemleak stack for this:\n\nunreferenced object 0xffff88801d4ab488 (size 8):\n comm \"syz-executor310\", pid 1127, jiffies 4295085598 (age 41.666s)\n hex dump (first 8 bytes):\n 01 b4 4a 1d 80 88 ff ff ..J.....\n backtrace:\n [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128\n [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline]\n [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline]\n [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline]\n [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416\n [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125\n [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650\n [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688\n [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline]\n [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570\n [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111\n [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline]\n [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 
net/ipv4/af_inet.c:696\n [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735\n [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865\n [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882\n [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline]\n [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline]\n [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889\n [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\n [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nClean up the allocated memory in case of dccp_feat_push_confirm() failure\nand bail out with an error reset code.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56643"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1358f56a-da0f-4cfd-a045-9f1c29d73f73.json b/objects/vulnerability/vulnerability--1358f56a-da0f-4cfd-a045-9f1c29d73f73.json
new file mode 100644
index 00000000000..429bbc1a32c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1358f56a-da0f-4cfd-a045-9f1c29d73f73.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce978ec2-32e9-432d-b0b6-1de35eb34e91", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1358f56a-da0f-4cfd-a045-9f1c29d73f73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.40241Z", + "modified": "2024-12-30T00:22:02.40241Z", + "name": "CVE-2024-53224", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Move events notifier registration to be after device registration\n\nMove pkey change work initialization and cleanup from device resources\nstage to notifier stage, since this is the stage which handles this work\nevents.\n\nFix a race between the device deregistration and pkey change work by moving\nMLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to\nensure that the notifier is deregistered before the device during cleanup.\nWhich ensures there are no works that are being executed after the\ndevice has already unregistered which can cause the panic below.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1\nHardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023\nWorkqueue: events pkey_change_handler [mlx5_ib]\nRIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib]\nCode: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40\nRSP: 0018:ffffbcc54068be20 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36\nRDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128\nRBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001\nR10: ffff954001be2c20 R11: 
ffff9540260133c0 R12: 0000000000000000\nR13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905\nFS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\nmlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib]\nprocess_one_work+0x1e8/0x3c0\nworker_thread+0x50/0x3b0\n? rescuer_thread+0x380/0x380\nkthread+0x149/0x170\n? set_kthread_struct+0x50/0x50\nret_from_fork+0x22/0x30\nModules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core]\nCR2: 0000000000000000\n---[ end trace f6f8be4eae12f7bc ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53224" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--153b19a9-2259-471f-ae84-e1b28f7ff61b.json b/objects/vulnerability/vulnerability--153b19a9-2259-471f-ae84-e1b28f7ff61b.json new file mode 100644 index 00000000000..bee16cfbd0b --- /dev/null +++ b/objects/vulnerability/vulnerability--153b19a9-2259-471f-ae84-e1b28f7ff61b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c079831b-2e58-42a4-a664-ae46a2865557", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--153b19a9-2259-471f-ae84-e1b28f7ff61b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.559509Z", + "modified": "2024-12-30T00:22:03.559509Z", + "name": "CVE-2024-56637", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Hold module reference while requesting a module\n\nUser space may unload ip_set.ko while it is itself requesting a set type\nbackend module, leading to a kernel crash. The race condition may be\nprovoked by inserting an mdelay() right after the nfnl_unlock() call.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16724c59-608d-48ff-9130-e4c0c0e97a4b.json b/objects/vulnerability/vulnerability--16724c59-608d-48ff-9130-e4c0c0e97a4b.json new file mode 100644 index 00000000000..514a1a73c92 --- /dev/null +++ b/objects/vulnerability/vulnerability--16724c59-608d-48ff-9130-e4c0c0e97a4b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76efcfc0-d1ae-4282-a544-98f267e59fb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16724c59-608d-48ff-9130-e4c0c0e97a4b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.5019Z", + "modified": "2024-12-30T00:22:03.5019Z", + "name": "CVE-2024-56658", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: defer final 'struct net' free in netns dismantle\n\nIlya reported a slab-use-after-free in dst_destroy [1]\n\nIssue is in xfrm6_net_init() and xfrm4_net_init() :\n\nThey copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops.\n\nBut net structure might be freed before all the dst callbacks are\ncalled. So when dst_destroy() calls later :\n\nif (dst->ops->destroy)\n dst->ops->destroy(dst);\n\ndst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed.\n\nSee a relevant issue fixed in :\n\nac888d58869b (\"net: do not delay dst_entries_add() in dst_release()\")\n\nA fix is to queue the 'struct net' to be freed after one\nanother cleanup_net() round (and existing rcu_barrier())\n\n[1]\n\nBUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112)\nRead of size 8 at addr ffff8882137ccab0 by task swapper/37/0\nDec 03 05:46:18 kernel:\nCPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67\nHardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014\nCall Trace:\n \ndump_stack_lvl (lib/dump_stack.c:124)\nprint_address_description.constprop.0 (mm/kasan/report.c:378)\n? dst_destroy (net/core/dst.c:112)\nprint_report (mm/kasan/report.c:489)\n? dst_destroy (net/core/dst.c:112)\n? kasan_addr_to_slab (mm/kasan/common.c:37)\nkasan_report (mm/kasan/report.c:603)\n? dst_destroy (net/core/dst.c:112)\n? rcu_do_batch (kernel/rcu/tree.c:2567)\ndst_destroy (net/core/dst.c:112)\nrcu_do_batch (kernel/rcu/tree.c:2567)\n? 
__pfx_rcu_do_batch (kernel/rcu/tree.c:2491)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406)\nrcu_core (kernel/rcu/tree.c:2825)\nhandle_softirqs (kernel/softirq.c:554)\n__irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637)\nirq_exit_rcu (kernel/softirq.c:651)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049)\n \n \nasm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702)\nRIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743)\nCode: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90\nRSP: 0018:ffff888100d2fe00 EFLAGS: 00000246\nRAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d\nR10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000\nR13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000\n? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148)\n? cpuidle_idle_call (kernel/sched/idle.c:186)\ndefault_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118)\ncpuidle_idle_call (kernel/sched/idle.c:186)\n? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168)\n? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)\n? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)\n? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59)\ndo_idle (kernel/sched/idle.c:326)\ncpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1))\nstart_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282)\n? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232)\n? 
soft_restart_cpu (arch/x86/kernel/head_64.S:452)\ncommon_startup_64 (arch/x86/kernel/head_64.S:414)\n \nDec 03 05:46:18 kernel:\nAllocated by task 12184:\nkasan_save_stack (mm/kasan/common.c:48)\nkasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)\n__kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345)\nkmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141)\ncopy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480)\ncreate_new_namespaces\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16b9027f-2f0a-4dcb-8fbe-84d80feb380e.json b/objects/vulnerability/vulnerability--16b9027f-2f0a-4dcb-8fbe-84d80feb380e.json new file mode 100644 index 00000000000..e6c86662539 --- /dev/null +++ b/objects/vulnerability/vulnerability--16b9027f-2f0a-4dcb-8fbe-84d80feb380e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4d1ff7f-590c-4947-a845-35de9d987bd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16b9027f-2f0a-4dcb-8fbe-84d80feb380e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.457451Z", + "modified": "2024-12-30T00:22:02.457451Z", + "name": "CVE-2024-53237", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix use-after-free in device_for_each_child()\n\nSyzbot has reported the following KASAN splat:\n\nBUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0\nRead of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980\n\nCPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x100/0x190\n ? device_for_each_child+0x18f/0x1a0\n print_report+0x13a/0x4cb\n ? __virt_addr_valid+0x5e/0x590\n ? __phys_addr+0xc6/0x150\n ? device_for_each_child+0x18f/0x1a0\n kasan_report+0xda/0x110\n ? device_for_each_child+0x18f/0x1a0\n ? __pfx_dev_memalloc_noio+0x10/0x10\n device_for_each_child+0x18f/0x1a0\n ? __pfx_device_for_each_child+0x10/0x10\n pm_runtime_set_memalloc_noio+0xf2/0x180\n netdev_unregister_kobject+0x1ed/0x270\n unregister_netdevice_many_notify+0x123c/0x1d80\n ? __mutex_trylock_common+0xde/0x250\n ? __pfx_unregister_netdevice_many_notify+0x10/0x10\n ? trace_contention_end+0xe6/0x140\n ? __mutex_lock+0x4e7/0x8f0\n ? __pfx_lock_acquire.part.0+0x10/0x10\n ? rcu_is_watching+0x12/0xc0\n ? unregister_netdev+0x12/0x30\n unregister_netdevice_queue+0x30d/0x3f0\n ? __pfx_unregister_netdevice_queue+0x10/0x10\n ? __pfx_down_write+0x10/0x10\n unregister_netdev+0x1c/0x30\n bnep_session+0x1fb3/0x2ab0\n ? __pfx_bnep_session+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_woken_wake_function+0x10/0x10\n ? 
__kthread_parkme+0x132/0x200\n ? __pfx_bnep_session+0x10/0x10\n ? kthread+0x13a/0x370\n ? __pfx_bnep_session+0x10/0x10\n kthread+0x2b7/0x370\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x48/0x80\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 4974:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n __kmalloc_noprof+0x1d1/0x440\n hci_alloc_dev_priv+0x1d/0x2820\n __vhci_create_device+0xef/0x7d0\n vhci_write+0x2c7/0x480\n vfs_write+0x6a0/0xfc0\n ksys_write+0x12f/0x260\n do_syscall_64+0xc7/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 4979:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x4f/0x70\n kfree+0x141/0x490\n hci_release_dev+0x4d9/0x600\n bt_host_release+0x6a/0xb0\n device_release+0xa4/0x240\n kobject_put+0x1ec/0x5a0\n put_device+0x1f/0x30\n vhci_release+0x81/0xf0\n __fput+0x3f6/0xb30\n task_work_run+0x151/0x250\n do_exit+0xa79/0x2c30\n do_group_exit+0xd5/0x2a0\n get_signal+0x1fcd/0x2210\n arch_do_signal_or_restart+0x93/0x780\n syscall_exit_to_user_mode+0x140/0x290\n do_syscall_64+0xd4/0x250\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nIn 'hci_conn_del_sysfs()', 'device_unregister()' may be called when\nan underlying (kobject) reference counter is greater than 1. This\nmeans that reparenting (happened when the device is actually freed)\nis delayed and, during that delay, parent controller device (hciX)\nmay be deleted. Since the latter may create a dangling pointer to\nfreed parent, avoid that scenario by reparenting to NULL explicitly.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--174cdeba-21fd-4dda-bf27-d1637308c995.json b/objects/vulnerability/vulnerability--174cdeba-21fd-4dda-bf27-d1637308c995.json new file mode 100644 index 00000000000..15349bc2b89 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--174cdeba-21fd-4dda-bf27-d1637308c995.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b20a26ec-c659-45cf-8544-5ab6bf26d34e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--174cdeba-21fd-4dda-bf27-d1637308c995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.530775Z", + "modified": "2024-12-30T00:22:03.530775Z", + "name": "CVE-2024-56609", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb\n\nWhen removing kernel modules by:\n rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core\n\nDriver uses skb_queue_purge() to purge TX skb, but not report tx status\ncausing \"Have pending ack frames!\" warning. Use ieee80211_purge_tx_queue()\nto correct this.\n\nSince ieee80211_purge_tx_queue() doesn't take locks, to prevent racing\nbetween TX work and purge TX queue, flush and destroy TX work in advance.\n\n wlan0: deauthenticating from aa:f5:fd:60:4c:a8 by local\n choice (Reason: 3=DEAUTH_LEAVING)\n ------------[ cut here ]------------\n Have pending ack frames!\n WARNING: CPU: 3 PID: 9232 at net/mac80211/main.c:1691\n ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n CPU: 3 PID: 9232 Comm: rmmod Tainted: G C\n 6.10.1-200.fc40.aarch64 #1\n Hardware name: pine64 Pine64 PinePhone Braveheart\n (1.1)/Pine64 PinePhone Braveheart (1.1), BIOS 2024.01 01/01/2024\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n lr : ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n sp : ffff80008c1b37b0\n x29: ffff80008c1b37b0 x28: ffff000003be8000 x27: 0000000000000000\n x26: 0000000000000000 x25: ffff000003dc14b8 x24: ffff80008c1b37d0\n x23: ffff000000ff9f80 x22: 0000000000000000 x21: 000000007fffffff\n x20: ffff80007c7e93d8 x19: ffff00006e66f400 x18: 0000000000000000\n x17: ffff7ffffd2b3000 x16: ffff800083fc0000 x15: 0000000000000000\n x14: 
0000000000000000 x13: 2173656d61726620 x12: 6b636120676e6964\n x11: 0000000000000000 x10: 000000000000005d x9 : ffff8000802af2b0\n x8 : ffff80008c1b3430 x7 : 0000000000000001 x6 : 0000000000000001\n x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000003be8000\n Call trace:\n ieee80211_free_ack_frame+0x5c/0x90 [mac80211]\n idr_for_each+0x74/0x110\n ieee80211_free_hw+0x44/0xe8 [mac80211]\n rtw_sdio_remove+0x9c/0xc0 [rtw88_sdio]\n sdio_bus_remove+0x44/0x180\n device_remove+0x54/0x90\n device_release_driver_internal+0x1d4/0x238\n driver_detach+0x54/0xc0\n bus_remove_driver+0x78/0x108\n driver_unregister+0x38/0x78\n sdio_unregister_driver+0x2c/0x40\n rtw_8723cs_driver_exit+0x18/0x1000 [rtw88_8723cs]\n __do_sys_delete_module.isra.0+0x190/0x338\n __arm64_sys_delete_module+0x1c/0x30\n invoke_syscall+0x74/0x100\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x3c/0x158\n el0t_64_sync_handler+0x120/0x138\n el0t_64_sync+0x194/0x198\n ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56609" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17612a28-74ed-4176-8a44-b39190d21793.json b/objects/vulnerability/vulnerability--17612a28-74ed-4176-8a44-b39190d21793.json new file mode 100644 index 00000000000..f046d6c81cb --- /dev/null +++ b/objects/vulnerability/vulnerability--17612a28-74ed-4176-8a44-b39190d21793.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb58cc3d-1f46-42c7-a5d4-cfe00ca128dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17612a28-74ed-4176-8a44-b39190d21793", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.558407Z", + "modified": "2024-12-30T00:22:03.558407Z", + "name": "CVE-2024-56730", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p/usbg: fix handling of the failed kzalloc() memory allocation\n\nOn the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the\nfollowing error report:\n\n./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns\nNULL not ERR_PTR on failure\n\nkzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56730" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--17ff69b0-544f-47ee-af9d-c81595af1a44.json b/objects/vulnerability/vulnerability--17ff69b0-544f-47ee-af9d-c81595af1a44.json new file mode 100644 index 00000000000..5f4ef5b7c9b --- /dev/null +++ b/objects/vulnerability/vulnerability--17ff69b0-544f-47ee-af9d-c81595af1a44.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52c87d3d-b8c6-4f33-8532-d27661594c2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--17ff69b0-544f-47ee-af9d-c81595af1a44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.510073Z", + "modified": "2024-12-30T00:22:03.510073Z", + "name": "CVE-2024-56726", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56726" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1804171d-d2e1-47af-b4f3-f05becc628c6.json b/objects/vulnerability/vulnerability--1804171d-d2e1-47af-b4f3-f05becc628c6.json new file mode 100644 index 00000000000..cb4435a006e --- /dev/null +++ b/objects/vulnerability/vulnerability--1804171d-d2e1-47af-b4f3-f05becc628c6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38c5cea2-ed6e-4f6b-89bd-a44a408ee1c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1804171d-d2e1-47af-b4f3-f05becc628c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.368519Z", + "modified": "2024-12-30T00:22:02.368519Z", + "name": "CVE-2024-53216", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: release svc_expkey/svc_export with rcu_work\n\nThe last reference for `cache_head` can be reduced to zero in `c_show`\nand `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently,\n`svc_export_put` and `expkey_put` will be invoked, leading to two\nissues:\n\n1. The `svc_export_put` will directly free ex_uuid. However,\n `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can\n trigger a use-after-free issue, shown below.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd]\n Read of size 1 at addr ff11000010fdc120 by task cat/870\n\n CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x53/0x70\n print_address_description.constprop.0+0x2c/0x3a0\n print_report+0xb9/0x280\n kasan_report+0xae/0xe0\n svc_export_show+0x362/0x430 [nfsd]\n c_show+0x161/0x390 [sunrpc]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n proc_reg_read+0xe1/0x140\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Allocated by task 830:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc_node_track_caller_noprof+0x1bc/0x400\n kmemdup_noprof+0x22/0x50\n svc_export_parse+0x8a9/0xb80 [nfsd]\n cache_do_downcall+0x71/0xa0 [sunrpc]\n 
cache_write_procfs+0x8e/0xd0 [sunrpc]\n proc_reg_write+0xe1/0x140\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 868:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kfree+0xf3/0x3e0\n svc_export_put+0x87/0xb0 [nfsd]\n cache_purge+0x17f/0x1f0 [sunrpc]\n nfsd_destroy_serv+0x226/0x2d0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`.\n However, `svc_export_put`/`expkey_put` will call path_put, which\n subsequently triggers a sleeping operation due to the following\n `dput`.\n\n =============================\n WARNING: suspicious RCU usage\n 5.10.0-dirty #141 Not tainted\n -----------------------------\n ...\n Call Trace:\n dump_stack+0x9a/0xd0\n ___might_sleep+0x231/0x240\n dput+0x39/0x600\n path_put+0x1b/0x30\n svc_export_put+0x17/0x80\n e_show+0x1c9/0x200\n seq_read_iter+0x63f/0x7c0\n seq_read+0x226/0x2d0\n vfs_read+0x113/0x2c0\n ksys_read+0xc9/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n\nFix these issues by using `rcu_work` to help release\n`svc_expkey`/`svc_export`. This approach allows for an asynchronous\ncontext to invoke `path_put` and also facilitates the freeing of\n`uuid/exp/key` after an RCU grace period.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53216" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1927ad52-8d83-40ab-b500-e55bd58d9c19.json b/objects/vulnerability/vulnerability--1927ad52-8d83-40ab-b500-e55bd58d9c19.json new file mode 100644 index 00000000000..4efabb042e6 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--1927ad52-8d83-40ab-b500-e55bd58d9c19.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5255ca50-58fb-4095-ae2b-414c36b4cb39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1927ad52-8d83-40ab-b500-e55bd58d9c19", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.421645Z", + "modified": "2024-12-30T00:22:03.421645Z", + "name": "CVE-2024-56709", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check if iowq is killed before queuing\n\ntask work can be executed after the task has gone through io_uring\ntermination, whether it's the final task_work run or the fallback path.\nIn this case, task work will find ->io_wq being already killed and\nnull'ed, which is a problem if it then tries to forward the request to\nio_queue_iowq(). Make io_queue_iowq() fail requests in this case.\n\nNote that it also checks PF_KTHREAD, because the user can first close\na DEFER_TASKRUN ring and shortly after kill the task, in which case\n->iowq check would race.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56709" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19627169-def4-4c5b-ab58-8cf3b5210db6.json b/objects/vulnerability/vulnerability--19627169-def4-4c5b-ab58-8cf3b5210db6.json new file mode 100644 index 00000000000..0d26d64dd64 --- /dev/null +++ b/objects/vulnerability/vulnerability--19627169-def4-4c5b-ab58-8cf3b5210db6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f644aa7b-53bc-44d2-baf6-76ae79c99656", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19627169-def4-4c5b-ab58-8cf3b5210db6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.431494Z", + "modified": "2024-12-30T00:22:02.431494Z", + "name": "CVE-2024-53191", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix warning when unbinding\n\nIf there is an error during some initialization related to firmware,\nthe buffers dp->tx_ring[i].tx_status are released.\nHowever this is released again when the device is unbinded (ath12k_pci),\nand we get:\nWARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80\nCall Trace:\nfree_large_kmalloc\nath12k_dp_free\nath12k_core_deinit\nath12k_pci_remove\n...\n\nThe issue is always reproducible from a VM because the MSI addressing\ninitialization is failing.\n\nIn order to fix the issue, just set the buffers to NULL after releasing in\norder to avoid the double free.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53191" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ae17fc2-d69b-4446-962a-8bf319277b76.json b/objects/vulnerability/vulnerability--1ae17fc2-d69b-4446-962a-8bf319277b76.json new file mode 100644 index 00000000000..7442894e866 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ae17fc2-d69b-4446-962a-8bf319277b76.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31d2cab3-b31f-4b5e-bb64-1696e8668ba6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ae17fc2-d69b-4446-962a-8bf319277b76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:16.848316Z", + "modified": "2024-12-30T00:22:16.848316Z", + "name": "CVE-2020-9211", + "description": "There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. (Vulnerability ID: HWPSIRT-2020-05103)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9211.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-9211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bccb5d2-4793-4acb-bf21-5f440a978f00.json b/objects/vulnerability/vulnerability--1bccb5d2-4793-4acb-bf21-5f440a978f00.json new file mode 100644 index 00000000000..427c00d06d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--1bccb5d2-4793-4acb-bf21-5f440a978f00.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f0b535c-f0ec-4720-8089-ea4d5cf4b019", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bccb5d2-4793-4acb-bf21-5f440a978f00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.596039Z", + "modified": "2024-12-30T00:22:01.596039Z", + "name": "CVE-2024-12979", + "description": "A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12979" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c08aa72-e89c-426d-9eaa-adf065500df3.json b/objects/vulnerability/vulnerability--1c08aa72-e89c-426d-9eaa-adf065500df3.json new file mode 100644 index 00000000000..db509149396 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c08aa72-e89c-426d-9eaa-adf065500df3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ff174ee-d64c-470e-822a-a6e41cfbbec7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c08aa72-e89c-426d-9eaa-adf065500df3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.525298Z", + "modified": "2024-12-30T00:22:03.525298Z", + "name": "CVE-2024-56586", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.\n\ncreating a large files during checkpoint disable until it runs out of\nspace and then delete it, then remount to enable checkpoint again, and\nthen unmount the filesystem triggers the f2fs_bug_on as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/inode.c:896!\nCPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:f2fs_evict_inode+0x58c/0x610\nCall Trace:\n __die_body+0x15/0x60\n die+0x33/0x50\n do_trap+0x10a/0x120\n f2fs_evict_inode+0x58c/0x610\n do_error_trap+0x60/0x80\n f2fs_evict_inode+0x58c/0x610\n exc_invalid_op+0x53/0x60\n f2fs_evict_inode+0x58c/0x610\n asm_exc_invalid_op+0x16/0x20\n f2fs_evict_inode+0x58c/0x610\n evict+0x101/0x260\n dispose_list+0x30/0x50\n evict_inodes+0x140/0x190\n generic_shutdown_super+0x2f/0x150\n kill_block_super+0x11/0x40\n kill_f2fs_super+0x7d/0x140\n deactivate_locked_super+0x2a/0x70\n cleanup_mnt+0xb3/0x140\n task_work_run+0x61/0x90\n\nThe root cause is: creating large files during disable checkpoint\nperiod results in not enough free segments, so when writing back root\ninode will failed in f2fs_enable_checkpoint. When umount the file\nsystem after enabling checkpoint, the root inode is dirty in\nf2fs_evict_inode function, which triggers BUG_ON. 
The steps to\nreproduce are as follows:\n\ndd if=/dev/zero of=f2fs.img bs=1M count=55\nmount f2fs.img f2fs_dir -o checkpoint=disable:10%\ndd if=/dev/zero of=big bs=1M count=50\nsync\nrm big\nmount -o remount,checkpoint=enable f2fs_dir\numount f2fs_dir\n\nLet's redirty inode when there is not free segments during checkpoint\nis disable.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56586" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c1ef40e-e285-47e2-9f31-721cb5656cca.json b/objects/vulnerability/vulnerability--1c1ef40e-e285-47e2-9f31-721cb5656cca.json new file mode 100644 index 00000000000..54131646d02 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c1ef40e-e285-47e2-9f31-721cb5656cca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da477ffc-4298-4e34-a933-aa77320e09f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c1ef40e-e285-47e2-9f31-721cb5656cca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.400061Z", + "modified": "2024-12-30T00:22:02.400061Z", + "name": "CVE-2024-53194", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix use-after-free of slot->bus on hot remove\n\nDennis reports a boot crash on recent Lenovo laptops with a USB4 dock.\n\nSince commit 0fc70886569c (\"thunderbolt: Reset USB4 v2 host router\") and\ncommit 59a54c5f3dbd (\"thunderbolt: Reset topology created by the boot\nfirmware\"), USB4 v2 and v1 Host Routers are reset on probe of the\nthunderbolt driver.\n\nThe reset clears the Presence Detect State and Data Link Layer Link Active\nbits at the USB4 Host Router's Root Port and thus causes hot removal of the\ndock.\n\nThe crash occurs when pciehp is unbound from one of the dock's Downstream\nPorts: pciehp creates a pci_slot on bind and destroys it on unbind. The\npci_slot contains a pointer to the pci_bus below the Downstream Port, but\na reference on that pci_bus is never acquired. The pci_bus is destroyed\nbefore the pci_slot, so a use-after-free ensues when pci_slot_release()\naccesses slot->bus.\n\nIn principle this should not happen because pci_stop_bus_device() unbinds\npciehp (and therefore destroys the pci_slot) before the pci_bus is\ndestroyed by pci_remove_bus_device().\n\nHowever the stacktrace provided by Dennis shows that pciehp is unbound from\npci_remove_bus_device() instead of pci_stop_bus_device(). 
To understand\nthe significance of this, one needs to know that the PCI core uses a two\nstep process to remove a portion of the hierarchy: It first unbinds all\ndrivers in the sub-hierarchy in pci_stop_bus_device() and then actually\nremoves the devices in pci_remove_bus_device(). There is no precaution to\nprevent driver binding in-between pci_stop_bus_device() and\npci_remove_bus_device().\n\nIn Dennis' case, it seems removal of the hierarchy by pciehp races with\ndriver binding by pci_bus_add_devices(). pciehp is bound to the\nDownstream Port after pci_stop_bus_device() has run, so it is unbound by\npci_remove_bus_device() instead of pci_stop_bus_device(). Because the\npci_bus has already been destroyed at that point, accesses to it result in\na use-after-free.\n\nOne might conclude that driver binding needs to be prevented after\npci_stop_bus_device() has run. However it seems risky that pci_slot points\nto pci_bus without holding a reference. Solely relying on correct ordering\nof driver unbind versus pci_bus destruction is certainly not defensive\nprogramming.\n\nIf pci_slot has a need to access data in pci_bus, it ought to acquire a\nreference. Amend pci_create_slot() accordingly. 
Dennis reports that the\ncrash is not reproducible with this change.\n\nAbridged stacktrace:\n\n pcieport 0000:00:07.0: PME: Signaling with IRQ 156\n pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+\n pci_bus 0000:20: dev 00, created physical slot 12\n pcieport 0000:00:07.0: pciehp: Slot(12): Card not present\n ...\n pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0\n Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1\n RIP: 0010:dev_driver_string+0x12/0x40\n pci_destroy_slot\n pciehp_remove\n pcie_port_remove_service\n device_release_driver_internal\n bus_remove_device\n device_del\n device_unregister\n remove_iter\n device_for_each_child\n pcie_portdrv_remove\n pci_device_remove\n device_release_driver_internal\n bus_remove_device\n device_del\n pci_remove_bus_device (recursive invocation)\n pci_remove_bus_device\n pciehp_unconfigure_device\n pciehp_disable_slot\n pciehp_handle_presence_or_link_change\n pciehp_ist", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53194" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c2ef83c-dcb9-4a95-9dd7-2913edbab818.json b/objects/vulnerability/vulnerability--1c2ef83c-dcb9-4a95-9dd7-2913edbab818.json new file mode 100644 index 00000000000..6b255d3ca5c --- /dev/null +++ b/objects/vulnerability/vulnerability--1c2ef83c-dcb9-4a95-9dd7-2913edbab818.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4136f255-5783-4365-a44c-92f846d32f0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c2ef83c-dcb9-4a95-9dd7-2913edbab818", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.587444Z", + "modified": "2024-12-30T00:22:03.587444Z", + "name": "CVE-2024-56716", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: prevent bad user input in nsim_dev_health_break_write()\n\nIf either a zero count or a large one is provided, kernel can crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56716" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c5ba6b0-eed2-4a07-9fbd-a11953e83d37.json b/objects/vulnerability/vulnerability--1c5ba6b0-eed2-4a07-9fbd-a11953e83d37.json new file mode 100644 index 00000000000..3eddc37723f --- /dev/null +++ b/objects/vulnerability/vulnerability--1c5ba6b0-eed2-4a07-9fbd-a11953e83d37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0fcce5be-4e43-46c4-b28a-18a72bf0efa4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c5ba6b0-eed2-4a07-9fbd-a11953e83d37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.474979Z", + "modified": "2024-12-30T00:22:02.474979Z", + "name": "CVE-2024-53201", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe\n\nThis commit addresses a null pointer dereference issue in\ndcn20_program_pipe(). Previously, commit 8e4ed3cf1642 (\"drm/amd/display:\nAdd null check for pipe_ctx->plane_state in dcn20_program_pipe\")\npartially fixed the null pointer dereference issue. However, in\ndcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and\nplane_state is accessed again through pipe_ctx. Multiple if statements\ndirectly call attributes of plane_state, leading to potential null\npointer dereference issues. This patch adds necessary null checks to\nensure stability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53201" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c619fc4-a442-4a0f-8469-f04c8dc7b8b5.json b/objects/vulnerability/vulnerability--1c619fc4-a442-4a0f-8469-f04c8dc7b8b5.json new file mode 100644 index 00000000000..e29cfdd76bf --- /dev/null +++ b/objects/vulnerability/vulnerability--1c619fc4-a442-4a0f-8469-f04c8dc7b8b5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d003d615-9bba-421c-983e-db8f00d96dba", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c619fc4-a442-4a0f-8469-f04c8dc7b8b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:15.754127Z", + "modified": "2024-12-30T00:22:15.754127Z", + "name": "CVE-2018-25107", + "description": "The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2018-25107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1cc20f60-114a-4d1e-be5d-37930cad5ec3.json b/objects/vulnerability/vulnerability--1cc20f60-114a-4d1e-be5d-37930cad5ec3.json new file mode 100644 index 00000000000..a42390227e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--1cc20f60-114a-4d1e-be5d-37930cad5ec3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--848bbb53-6dc7-4453-91bc-b2d816580ab5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1cc20f60-114a-4d1e-be5d-37930cad5ec3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.245545Z", + "modified": "2024-12-30T00:22:02.245545Z", + "name": "CVE-2024-3393", + "description": "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3393" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1cf7dce7-9e85-4237-a5a7-00b1d2f18551.json b/objects/vulnerability/vulnerability--1cf7dce7-9e85-4237-a5a7-00b1d2f18551.json new file mode 100644 index 00000000000..8cf09f2ad57 --- /dev/null +++ b/objects/vulnerability/vulnerability--1cf7dce7-9e85-4237-a5a7-00b1d2f18551.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aaf9d918-ed34-4ea2-8cf3-21f8a3efe31f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1cf7dce7-9e85-4237-a5a7-00b1d2f18551", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.721803Z", + "modified": "2024-12-30T00:22:01.721803Z", + "name": "CVE-2024-9774", + "description": "A vulnerability was found in python-sql where unary operators do not escape non-Expression.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9774" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d50a860-90ea-48f8-b63f-b1ae76354645.json b/objects/vulnerability/vulnerability--1d50a860-90ea-48f8-b63f-b1ae76354645.json new file mode 100644 index 00000000000..b77c998b5ff --- /dev/null +++ b/objects/vulnerability/vulnerability--1d50a860-90ea-48f8-b63f-b1ae76354645.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--612bcfa3-ed70-4b09-ae64-4353fe5a8f28", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d50a860-90ea-48f8-b63f-b1ae76354645", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.407883Z", + "modified": "2024-12-30T00:22:02.407883Z", + "name": "CVE-2024-53213", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: lan78xx: Fix double free issue with interrupt buffer allocation\n\nIn lan78xx_probe(), the buffer `buf` was being freed twice: once\nimplicitly through `usb_free_urb(dev->urb_intr)` with the\n`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused\na double free issue.\n\nTo resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to\nsimplify the initialization sequence and removed the redundant\n`kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring\nit is correctly managed by `usb_fill_int_urb()` and freed by\n`usb_free_urb()` as intended.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1eb761c9-9939-42fa-a2bc-00d869c4ed81.json b/objects/vulnerability/vulnerability--1eb761c9-9939-42fa-a2bc-00d869c4ed81.json new file mode 100644 index 00000000000..3d9be71c921 --- /dev/null +++ b/objects/vulnerability/vulnerability--1eb761c9-9939-42fa-a2bc-00d869c4ed81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3b67688-b1e1-44c1-8bf2-16fc112956c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1eb761c9-9939-42fa-a2bc-00d869c4ed81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.584816Z", + "modified": "2024-12-30T00:22:01.584816Z", + "name": "CVE-2024-12983", + "description": "A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12983" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2021e703-6d50-4a09-bbad-28a9a8756469.json b/objects/vulnerability/vulnerability--2021e703-6d50-4a09-bbad-28a9a8756469.json new file mode 100644 index 00000000000..d1c80f3797e --- /dev/null +++ b/objects/vulnerability/vulnerability--2021e703-6d50-4a09-bbad-28a9a8756469.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0cb73e8-96fe-4a01-a8cf-3a5ecbf0f990", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2021e703-6d50-4a09-bbad-28a9a8756469", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:16.844892Z", + "modified": "2024-12-30T00:22:16.844892Z", + "name": "CVE-2020-9080", + "description": "There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-9080" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20e25ba2-0d41-4147-883a-e68a0b896f16.json b/objects/vulnerability/vulnerability--20e25ba2-0d41-4147-883a-e68a0b896f16.json new file mode 100644 index 00000000000..f003aa5bb8d --- /dev/null +++ b/objects/vulnerability/vulnerability--20e25ba2-0d41-4147-883a-e68a0b896f16.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7735afc0-d5e6-4c97-ad6b-a118b4bd7db7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20e25ba2-0d41-4147-883a-e68a0b896f16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.432723Z", + "modified": "2024-12-30T00:22:02.432723Z", + "name": "CVE-2024-53169", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fabrics: fix kernel crash while shutting down controller\n\nThe nvme keep-alive operation, which executes at a periodic interval,\ncould potentially sneak in while shutting down a fabric controller.\nThis may lead to a race between the fabric controller admin queue\ndestroy code path (invoked while shutting down controller) and hw/hctx\nqueue dispatcher called from the nvme keep-alive async request queuing\noperation. This race could lead to the kernel crash shown below:\n\nCall Trace:\n autoremove_wake_function+0x0/0xbc (unreliable)\n __blk_mq_sched_dispatch_requests+0x114/0x24c\n blk_mq_sched_dispatch_requests+0x44/0x84\n blk_mq_run_hw_queue+0x140/0x220\n nvme_keep_alive_work+0xc8/0x19c [nvme_core]\n process_one_work+0x200/0x4e0\n worker_thread+0x340/0x504\n kthread+0x138/0x140\n start_kernel_thread+0x14/0x18\n\nWhile shutting down fabric controller, if nvme keep-alive request sneaks\nin then it would be flushed off. The nvme_keep_alive_end_io function is\nthen invoked to handle the end of the keep-alive operation which\ndecrements the admin->q_usage_counter and assuming this is the last/only\nrequest in the admin queue then the admin->q_usage_counter becomes zero.\nIf that happens then blk-mq destroy queue operation (blk_mq_destroy_\nqueue()) which could be potentially running simultaneously on another\ncpu (as this is the controller shutdown code path) would forward\nprogress and deletes the admin queue. 
So, now from this point onward\nwe are not supposed to access the admin queue resources. However the\nissue here's that the nvme keep-alive thread running hw/hctx queue\ndispatch operation hasn't yet finished its work and so it could still\npotentially access the admin queue resource while the admin queue had\nbeen already deleted and that causes the above crash.\n\nThe above kernel crash is regression caused due to changes implemented\nin commit a54a93d0e359 (\"nvme: move stopping keep-alive into\nnvme_uninit_ctrl()\"). Ideally we should stop keep-alive before destroyin\ng the admin queue and freeing the admin tagset so that it wouldn't sneak\nin during the shutdown operation. However we removed the keep alive stop\noperation from the beginning of the controller shutdown code path in commit\na54a93d0e359 (\"nvme: move stopping keep-alive into nvme_uninit_ctrl()\")\nand added it under nvme_uninit_ctrl() which executes very late in the\nshutdown code path after the admin queue is destroyed and its tagset is\nremoved. So this change created the possibility of keep-alive sneaking in\nand interfering with the shutdown operation and causing observed kernel\ncrash.\n\nTo fix the observed crash, we decided to move nvme_stop_keep_alive() from\nnvme_uninit_ctrl() to nvme_remove_admin_tag_set(). 
This change would ensure\nthat we don't forward progress and delete the admin queue until the keep-\nalive operation is finished (if it's in-flight) or cancelled and that would\nhelp contain the race condition explained above and hence avoid the crash.\n\nMoving nvme_stop_keep_alive() to nvme_remove_admin_tag_set() instead of\nadding nvme_stop_keep_alive() to the beginning of the controller shutdown\ncode path in nvme_stop_ctrl(), as was the case earlier before commit\na54a93d0e359 (\"nvme: move stopping keep-alive into nvme_uninit_ctrl()\"),\nwould help save one callsite of nvme_stop_keep_alive().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21429f78-2941-448e-a092-764ca3d3b24b.json b/objects/vulnerability/vulnerability--21429f78-2941-448e-a092-764ca3d3b24b.json new file mode 100644 index 00000000000..af7328ffb9d --- /dev/null +++ b/objects/vulnerability/vulnerability--21429f78-2941-448e-a092-764ca3d3b24b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e72e902c-3d32-45fc-b101-4142e1fd91cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21429f78-2941-448e-a092-764ca3d3b24b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.9561Z", + "modified": "2024-12-30T00:22:03.9561Z", + "name": "CVE-2024-13016", + "description": "A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13016" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--228ecd4d-3e4d-4791-aa03-7d1d99900695.json b/objects/vulnerability/vulnerability--228ecd4d-3e4d-4791-aa03-7d1d99900695.json new file mode 100644 index 00000000000..c99806a910a --- /dev/null +++ b/objects/vulnerability/vulnerability--228ecd4d-3e4d-4791-aa03-7d1d99900695.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bf759cf-2079-4aef-be68-c23b9b940be3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--228ecd4d-3e4d-4791-aa03-7d1d99900695", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.535701Z", + "modified": "2024-12-30T00:22:03.535701Z", + "name": "CVE-2024-56565", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to drop all discards after creating snapshot on lvm device\n\nPiergiorgio reported a bug in bugzilla as below:\n\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330\nRIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs]\nCall Trace:\n __issue_discard_cmd+0x1ca/0x350 [f2fs]\n issue_discard_thread+0x191/0x480 [f2fs]\n kthread+0xcf/0x100\n ret_from_fork+0x31/0x50\n ret_from_fork_asm+0x1a/0x30\n\nw/ below testcase, it can reproduce this bug quickly:\n- pvcreate /dev/vdb\n- vgcreate myvg1 /dev/vdb\n- lvcreate -L 1024m -n mylv1 myvg1\n- mount /dev/myvg1/mylv1 /mnt/f2fs\n- dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20\n- sync\n- rm /mnt/f2fs/file\n- sync\n- lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1\n- umount /mnt/f2fs\n\nThe root cause is: it will update discard_max_bytes of mounted lvm\ndevice to zero after creating snapshot on this lvm device, then,\n__submit_discard_cmd() will pass parameter @nr_sects w/ zero value\nto __blkdev_issue_discard(), it returns a NULL bio pointer, result\nin panic.\n\nThis patch changes as below for fixing:\n1. Let's drop all remained discards in f2fs_unfreeze() if snapshot\nof lvm device is created.\n2. Checking discard_max_bytes before submitting discard during\n__submit_discard_cmd().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56565" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2480729f-fc23-43d2-a408-9bc43857723c.json b/objects/vulnerability/vulnerability--2480729f-fc23-43d2-a408-9bc43857723c.json new file mode 100644 index 00000000000..ea7daa8bac3 --- /dev/null +++ b/objects/vulnerability/vulnerability--2480729f-fc23-43d2-a408-9bc43857723c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8ce5fa80-b524-4aff-9011-9e1032b04797", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2480729f-fc23-43d2-a408-9bc43857723c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.411016Z", + "modified": "2024-12-30T00:22:03.411016Z", + "name": "CVE-2024-56580", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: qcom: camss: fix error path on configuration of power domains\n\nThere is a chance to meet runtime issues during configuration of CAMSS\npower domains, because on the error path dev_pm_domain_detach() is\nunexpectedly called with NULL or error pointer.\n\nOne of the simplest ways to reproduce the problem is to probe CAMSS\ndriver before registration of CAMSS power domains, for instance if\na platform CAMCC driver is simply not built.\n\nWarning backtrace example:\n\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a2\n\n \n\n pc : dev_pm_domain_detach+0x8/0x48\n lr : camss_probe+0x374/0x9c0\n\n \n\n Call trace:\n dev_pm_domain_detach+0x8/0x48\n platform_probe+0x70/0xf0\n really_probe+0xc4/0x2a8\n __driver_probe_device+0x80/0x140\n driver_probe_device+0x48/0x170\n __device_attach_driver+0xc0/0x148\n bus_for_each_drv+0x88/0xf0\n __device_attach+0xb0/0x1c0\n device_initial_probe+0x1c/0x30\n bus_probe_device+0xb4/0xc0\n deferred_probe_work_func+0x90/0xd0\n process_one_work+0x164/0x3e0\n worker_thread+0x310/0x420\n kthread+0x120/0x130\n ret_from_fork+0x10/0x20", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56580" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--249b6df6-922e-4804-94aa-795e87f598d0.json b/objects/vulnerability/vulnerability--249b6df6-922e-4804-94aa-795e87f598d0.json new file mode 100644 index 00000000000..d16793acba0 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--249b6df6-922e-4804-94aa-795e87f598d0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74b80c6d-dbd4-4f62-98f6-97ebcd948663", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--249b6df6-922e-4804-94aa-795e87f598d0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.389149Z", + "modified": "2024-12-30T00:22:02.389149Z", + "name": "CVE-2024-53235", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix file-backed mounts over FUSE\n\nsyzbot reported a null-ptr-deref in fuse_read_args_fill:\n fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905\n filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367\n do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825\n read_mapping_folio include/linux/pagemap.h:1011 [inline]\n erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41\n erofs_read_superblock fs/erofs/super.c:281 [inline]\n erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625\n\nUnlike most filesystems, some network filesystems and FUSE need\nunavoidable valid `file` pointers for their read I/Os [1].\nAnyway, those use cases need to be supported too.\n\n[1] https://docs.kernel.org/filesystems/vfs.html", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53235" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--258c29df-15d4-46bb-ace1-256242f4923d.json b/objects/vulnerability/vulnerability--258c29df-15d4-46bb-ace1-256242f4923d.json new file mode 100644 index 00000000000..abf579dcd44 --- /dev/null +++ b/objects/vulnerability/vulnerability--258c29df-15d4-46bb-ace1-256242f4923d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fb207160-adf5-4265-9b20-dbb85a69daa6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--258c29df-15d4-46bb-ace1-256242f4923d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:04.307787Z", + "modified": "2024-12-30T00:22:04.307787Z", + "name": "CVE-2024-43705", + "description": "Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43705" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26098beb-144f-4bb9-9018-16d345252e58.json b/objects/vulnerability/vulnerability--26098beb-144f-4bb9-9018-16d345252e58.json new file mode 100644 index 00000000000..6370cb03a0c --- /dev/null +++ b/objects/vulnerability/vulnerability--26098beb-144f-4bb9-9018-16d345252e58.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c038ee64-fa82-4deb-b104-4e499eaaa37b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26098beb-144f-4bb9-9018-16d345252e58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.372781Z", + "modified": "2024-12-30T00:22:02.372781Z", + "name": "CVE-2024-53232", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/s390: Implement blocking domain\n\nThis fixes a crash when surprise hot-unplugging a PCI device. This crash\nhappens because during hot-unplug __iommu_group_set_domain_nofail()\nattaching the default domain fails when the platform no longer\nrecognizes the device as it has already been removed and we end up with\na NULL domain pointer and UAF. This is exactly the case referred to in\nthe second comment in __iommu_device_set_domain() and just as stated\nthere if we can instead attach the blocking domain the UAF is prevented\nas this can handle the already removed device. Implement the blocking\ndomain to use this handling. With this change, the crash is fixed but\nwe still hit a warning attempting to change DMA ownership on a blocked\ndevice.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53232" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--266a2c36-3219-488d-ad4c-bbab32851bdd.json b/objects/vulnerability/vulnerability--266a2c36-3219-488d-ad4c-bbab32851bdd.json new file mode 100644 index 00000000000..067e487f8d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--266a2c36-3219-488d-ad4c-bbab32851bdd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d2cd9c3f-c580-427c-8d6f-00dcc239f1f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--266a2c36-3219-488d-ad4c-bbab32851bdd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.610045Z", + "modified": "2024-12-30T00:22:03.610045Z", + "name": "CVE-2024-56671", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: graniterapids: Fix vGPIO driver crash\n\nMove setting irq_chip.name from probe() function to the initialization\nof \"irq_chip\" struct in order to fix vGPIO driver crash during bootup.\n\nCrash was caused by unauthorized modification of irq_chip.name field\nwhere irq_chip struct was initialized as const.\n\nThis behavior is a consequence of suboptimal implementation of\ngpio_irq_chip_set_chip(), which should be changed to avoid\ncasting away const qualifier.\n\nCrash log:\nBUG: unable to handle page fault for address: ffffffffc0ba81c0\n/#PF: supervisor write access in kernel mode\n/#PF: error_code(0x0003) - permissions violation\nCPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1\nHardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024\nRIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56671" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26985443-1db3-4afb-a18e-01841d7b0636.json b/objects/vulnerability/vulnerability--26985443-1db3-4afb-a18e-01841d7b0636.json new file mode 100644 index 00000000000..16816759cef --- /dev/null +++ b/objects/vulnerability/vulnerability--26985443-1db3-4afb-a18e-01841d7b0636.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c635205b-05ff-4315-8b53-075630a623c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26985443-1db3-4afb-a18e-01841d7b0636", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.60503Z", + "modified": "2024-12-30T00:22:01.60503Z", + "name": "CVE-2024-12980", + "description": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12980" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26a3df5a-5515-4822-bd43-809cd8fc0c77.json b/objects/vulnerability/vulnerability--26a3df5a-5515-4822-bd43-809cd8fc0c77.json new file mode 100644 index 00000000000..88bab8cbfbd --- /dev/null +++ b/objects/vulnerability/vulnerability--26a3df5a-5515-4822-bd43-809cd8fc0c77.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e93bdb9e-5a38-4fc6-8c1c-e5072cbc4428", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26a3df5a-5515-4822-bd43-809cd8fc0c77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.426871Z", + "modified": "2024-12-30T00:22:02.426871Z", + "name": "CVE-2024-53192", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: clk-loongson2: Fix potential buffer overflow in flexible-array member access\n\nFlexible-array member `hws` in `struct clk_hw_onecell_data` is annotated\nwith the `counted_by()` attribute. This means that when memory is\nallocated for this array, the _counter_, which in this case is member\n`num` in the flexible structure, should be set to the maximum number of\nelements the flexible array can contain, or fewer.\n\nIn this case, the total number of elements for the flexible array is\ndetermined by variable `clks_num` when allocating heap space via\n`devm_kzalloc()`, as shown below:\n\n289 struct loongson2_clk_provider *clp;\n\t...\n296 for (p = data; p->name; p++)\n297 clks_num++;\n298\n299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),\n300 GFP_KERNEL);\n\nSo, `clp->clk_data.num` should be set to `clks_num` or less, and not\nexceed `clks_num`, as is currently the case. Otherwise, if data is\nwritten into `clp->clk_data.hws[clks_num]`, the instrumentation\nprovided by the compiler won't detect the overflow, leading to a\nmemory corruption bug at runtime.\n\nFix this issue by setting `clp->clk_data.num` to `clks_num`.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53192" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--26d1ea0c-5ba4-4018-b0d0-12a5a7397420.json b/objects/vulnerability/vulnerability--26d1ea0c-5ba4-4018-b0d0-12a5a7397420.json new file mode 100644 index 00000000000..861c7b10f47 --- /dev/null +++ b/objects/vulnerability/vulnerability--26d1ea0c-5ba4-4018-b0d0-12a5a7397420.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20a38fba-c315-4ff4-a0c7-15e6cc80dc43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26d1ea0c-5ba4-4018-b0d0-12a5a7397420", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.554009Z", + "modified": "2024-12-30T00:22:03.554009Z", + "name": "CVE-2024-56723", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56723" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26f84b0b-fa36-4c5c-94d5-aa43d25727aa.json b/objects/vulnerability/vulnerability--26f84b0b-fa36-4c5c-94d5-aa43d25727aa.json new file mode 100644 index 00000000000..6f01328a8b9 --- /dev/null +++ b/objects/vulnerability/vulnerability--26f84b0b-fa36-4c5c-94d5-aa43d25727aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de19bf7f-5d3b-40bb-9993-0565308956e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26f84b0b-fa36-4c5c-94d5-aa43d25727aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.406538Z", + "modified": "2024-12-30T00:22:03.406538Z", + "name": "CVE-2024-56680", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: do not handle interrupts when device is disabled\n\nSome IPU6 devices have shared interrupts. We need to handle properly\ncase when interrupt is triggered from other device on shared irq line\nand IPU6 itself disabled. In such case we get 0xffffffff from\nISR_STATUS register and handle all irq's cases, for what we are not\nnot prepared and usually hang the whole system.\n\nTo avoid the issue use pm_runtime_get_if_active() to check if\nthe device is enabled and prevent suspending it when we handle irq\nuntil the end of irq. Additionally use synchronize_irq() in suspend", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56680" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2713a122-6a60-4d1f-a08b-45ac0c6c8f13.json b/objects/vulnerability/vulnerability--2713a122-6a60-4d1f-a08b-45ac0c6c8f13.json new file mode 100644 index 00000000000..8127eed3b42 --- /dev/null +++ b/objects/vulnerability/vulnerability--2713a122-6a60-4d1f-a08b-45ac0c6c8f13.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a8e6ace3-051f-4df9-a524-47bdfe9c54c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2713a122-6a60-4d1f-a08b-45ac0c6c8f13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.579996Z", + "modified": "2024-12-30T00:22:03.579996Z", + "name": "CVE-2024-56610", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last enabled at (156673): [] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last enabled at (0): [] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [<0000000000000000>] 0x0\n| Preemption disabled at:\n| [] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n| \n| dump_stack_lvl+0x7e/0xc0\n| dump_stack+0x1d/0x30\n| __might_resched+0x1a2/0x270\n| rt_spin_lock+0x68/0x170\n| kcsan_skip_report_debugfs+0x43/0xe0\n| print_report+0xb5/0x590\n| kcsan_report_known_origin+0x1b1/0x1d0\n| kcsan_setup_watchpoint+0x348/0x650\n| __tsan_unaligned_write1+0x16d/0x1d0\n| hrtimer_interrupt+0x3d6/0x430\n| __sysvec_apic_timer_interrupt+0xe8/0x3a0\n| sysvec_apic_timer_interrupt+0x97/0xc0\n| \n\nOn a detected data race, KCSAN's reporting logic checks if it should\nfilter the report. 
That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN's debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56610" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27ed1566-0662-4e3b-8f7f-f7597231cef2.json b/objects/vulnerability/vulnerability--27ed1566-0662-4e3b-8f7f-f7597231cef2.json new file mode 100644 index 00000000000..f84560c0e24 --- /dev/null +++ b/objects/vulnerability/vulnerability--27ed1566-0662-4e3b-8f7f-f7597231cef2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--005e3e17-0475-485e-99bd-db705f4499a6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27ed1566-0662-4e3b-8f7f-f7597231cef2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.521721Z", + "modified": "2024-12-30T00:22:03.521721Z", + "name": "CVE-2024-56692", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node blkaddr in truncate_node()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2534!\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\nCall Trace:\n truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909\n f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288\n f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856\n evict+0x4e8/0x9b0 fs/inode.c:723\n f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986\n f2fs_create+0x357/0x530 fs/f2fs/namei.c:394\n lookup_open fs/namei.c:3595 [inline]\n open_last_lookups fs/namei.c:3694 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3930\n do_filp_open+0x235/0x490 fs/namei.c:3960\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1415\n do_sys_open fs/open.c:1430 [inline]\n __do_sys_openat fs/open.c:1446 [inline]\n __se_sys_openat fs/open.c:1441 [inline]\n __x64_sys_openat+0x247/0x2a0 fs/open.c:1441\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\n\nThe root cause is: on a fuzzed image, blkaddr in nat entry may be\ncorrupted, then it will cause system panic when using it in\nf2fs_invalidate_blocks(), to avoid this, let's add sanity check on\nnat blkaddr in truncate_node().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56692" + } + ] + 
} + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28583d35-18f4-4e92-8a07-3fcdaf795419.json b/objects/vulnerability/vulnerability--28583d35-18f4-4e92-8a07-3fcdaf795419.json new file mode 100644 index 00000000000..0451d80c65b --- /dev/null +++ b/objects/vulnerability/vulnerability--28583d35-18f4-4e92-8a07-3fcdaf795419.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0826cb5e-909e-40d3-8b85-d78694b0ea3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28583d35-18f4-4e92-8a07-3fcdaf795419", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.421903Z", + "modified": "2024-12-30T00:22:02.421903Z", + "name": "CVE-2024-53206", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix use-after-free of nreq in reqsk_timer_handler().\n\nThe cited commit replaced inet_csk_reqsk_queue_drop_and_put() with\n__inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler().\n\nThen, oreq should be passed to reqsk_put() instead of req; otherwise\nuse-after-free of nreq could happen when reqsk is migrated but the\nretry attempt failed (e.g. due to timeout).\n\nLet's pass oreq to reqsk_put().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a18ab80-bf08-422f-8684-945aac3d0754.json b/objects/vulnerability/vulnerability--2a18ab80-bf08-422f-8684-945aac3d0754.json new file mode 100644 index 00000000000..29935767677 --- /dev/null +++ b/objects/vulnerability/vulnerability--2a18ab80-bf08-422f-8684-945aac3d0754.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82daaad3-831d-4ed0-a319-5717b27a7948", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a18ab80-bf08-422f-8684-945aac3d0754", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.948775Z", + "modified": "2024-12-30T00:22:03.948775Z", + "name": "CVE-2024-13004", + "description": "A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2a1cf0e9-ee0f-4ace-bb94-40abaa463143.json b/objects/vulnerability/vulnerability--2a1cf0e9-ee0f-4ace-bb94-40abaa463143.json new file mode 100644 index 00000000000..226cb027f7a --- /dev/null +++ b/objects/vulnerability/vulnerability--2a1cf0e9-ee0f-4ace-bb94-40abaa463143.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--29e0fd7a-8c55-481f-80fc-91578e34895c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2a1cf0e9-ee0f-4ace-bb94-40abaa463143", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.393249Z", + "modified": "2024-12-30T00:22:03.393249Z", + "name": "CVE-2024-56673", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Do not call pmd dtor on vmemmap page table teardown\n\nThe vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page\ntables are populated using pmd (page middle directory) hugetables.\nHowever, the pmd allocation is not using the generic mechanism used by\nthe VMA code (e.g. pmd_alloc()), or the RISC-V specific\ncreate_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table\ncode allocates a page, and calls vmemmap_set_pmd(). This results in\nthat the pmd ctor is *not* called, nor would it make sense to do so.\n\nNow, when tearing down a vmemmap page table pmd, the cleanup code\nwould unconditionally, and incorrectly call the pmd dtor, which\nresults in a crash (best case).\n\nThis issue was found when running the HMM selftests:\n\n | tools/testing/selftests/mm# ./test_hmm.sh smoke\n | ... 
# when unloading the test_hmm.ko module\n | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b\n | flags: 0x1000000000000000(node=0|zone=1)\n | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000\n | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte)\n | ------------[ cut here ]------------\n | kernel BUG at include/linux/mm.h:3080!\n | Kernel BUG [#1]\n | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod\n | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2\n | Tainted: [W]=WARN\n | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024\n | epc : remove_pgd_mapping+0xbec/0x1070\n | ra : remove_pgd_mapping+0xbec/0x1070\n | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940\n | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04\n | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50\n | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008\n | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000\n | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8\n | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000\n | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000\n | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0\n | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00\n | t5 : ff60000080244000 t6 : ff20000000a73708\n | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003\n | [] remove_pgd_mapping+0xbec/0x1070\n | [] vmemmap_free+0x14/0x1e\n | [] section_deactivate+0x220/0x452\n | [] sparse_remove_section+0x4a/0x58\n | [] __remove_pages+0x7e/0xba\n | [] memunmap_pages+0x2bc/0x3fe\n | [] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm]\n | [] hmm_dmirror_exit+0x3e/0x1018 [test_hmm]\n | [] 
__riscv_sys_delete_module+0x15a/0x2a6\n | [] do_trap_ecall_u+0x1f2/0x266\n | [] _new_vmalloc_restore_context_a0+0xc6/0xd2\n | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597\n | ---[ end trace 0000000000000000 ]---\n | Kernel panic - not syncing: Fatal exception in interrupt\n\nAdd a check to avoid calling the pmd dtor, if the calling context is\nvmemmap_free().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56673" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c673888-d50d-4f95-bcd0-11d24df8296c.json b/objects/vulnerability/vulnerability--2c673888-d50d-4f95-bcd0-11d24df8296c.json new file mode 100644 index 00000000000..39c4ac733f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c673888-d50d-4f95-bcd0-11d24df8296c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2865f610-aacd-4aba-bff9-736800de230d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c673888-d50d-4f95-bcd0-11d24df8296c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.449546Z", + "modified": "2024-12-30T00:22:03.449546Z", + "name": "CVE-2024-56541", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()\n\nDuring ath12k module removal, in ath12k_core_deinit(),\nath12k_mac_destroy() un-registers ah->hw from mac80211 and frees\nthe ah->hw as well as all the ar's in it. After this\nath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup()\ntries to access one of the freed ar's from pending skb.\n\nThis is because during mac destroy, driver failed to flush few\ndata packets, which were accessed later in ath12k_dp_cc_cleanup()\nand freed, but using ar from the packet led to this use-after-free.\n\nBUG: KASAN: use-after-free in ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]\nWrite of size 4 at addr ffff888150bd3514 by task modprobe/8926\nCPU: 0 UID: 0 PID: 8926 Comm: modprobe Not tainted\n6.11.0-rc2-wt-ath+ #1746\nHardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS\nHNKBLi70.86A.0067.2021.0528.1339 05/28/2021\n\nCall Trace:\n \n dump_stack_lvl+0x7d/0xe0\n print_address_description.constprop.0+0x33/0x3a0\n print_report+0xb5/0x260\n ? kasan_addr_to_slab+0x24/0x80\n kasan_report+0xd8/0x110\n ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]\n ? 
ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]\n kasan_check_range+0xf3/0x1a0\n __kasan_check_write+0x14/0x20\n ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k]\n ath12k_dp_free+0x178/0x420 [ath12k]\n ath12k_core_stop+0x176/0x200 [ath12k]\n ath12k_core_deinit+0x13f/0x210 [ath12k]\n ath12k_pci_remove+0xad/0x1c0 [ath12k]\n pci_device_remove+0x9b/0x1b0\n device_remove+0xbf/0x150\n device_release_driver_internal+0x3c3/0x580\n ? __kasan_check_read+0x11/0x20\n driver_detach+0xc4/0x190\n bus_remove_driver+0x130/0x2a0\n driver_unregister+0x68/0x90\n pci_unregister_driver+0x24/0x240\n ? find_module_all+0x13e/0x1e0\n ath12k_pci_exit+0x10/0x20 [ath12k]\n __do_sys_delete_module+0x32c/0x580\n ? module_flags+0x2f0/0x2f0\n ? kmem_cache_free+0xf0/0x410\n ? __fput+0x56f/0xab0\n ? __fput+0x56f/0xab0\n ? debug_smp_processor_id+0x17/0x20\n __x64_sys_delete_module+0x4f/0x70\n x64_sys_call+0x522/0x9f0\n do_syscall_64+0x64/0x130\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f8182c6ac8b\n\nCommit 24de1b7b231c (\"wifi: ath12k: fix flush failure in recovery\nscenarios\") added the change to decrement the pending packets count\nin case of recovery which make sense as ah->hw as well all\nar's in it are intact during recovery, but during core deinit there\nis no use in decrementing packets count or waking up the empty waitq\nas the module is going to be removed also ar's from pending skb's\ncan't be used and the packets should just be released back.\n\nTo fix this, avoid accessing ar from skb->cb when driver is being\nunregistered.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00214-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56541" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2d605d6d-3ccc-41ac-a846-ba1ef9f65047.json b/objects/vulnerability/vulnerability--2d605d6d-3ccc-41ac-a846-ba1ef9f65047.json new file mode 100644 index 00000000000..7814ad608a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d605d6d-3ccc-41ac-a846-ba1ef9f65047.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84a327fc-5792-4380-8c10-2ef824c8388f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d605d6d-3ccc-41ac-a846-ba1ef9f65047", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.419426Z", + "modified": "2024-12-30T00:22:03.419426Z", + "name": "CVE-2024-56756", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix freeing of the HMB descriptor table\n\nThe HMB descriptor table is sized to the maximum number of descriptors\nthat could be used for a given device, but __nvme_alloc_host_mem could\nbreak out of the loop earlier on memory allocation failure and end up\nusing less descriptors than planned for, which leads to an incorrect\nsize passed to dma_free_coherent.\n\nIn practice this was not showing up because the number of descriptors\ntends to be low and the dma coherent allocator always allocates and\nfrees at least a page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d6bf228-2c5c-48b2-b13f-b18fdba73bb1.json b/objects/vulnerability/vulnerability--2d6bf228-2c5c-48b2-b13f-b18fdba73bb1.json new file mode 100644 index 00000000000..83c9cd0e436 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d6bf228-2c5c-48b2-b13f-b18fdba73bb1.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ccddacef-9a17-420f-ba62-09bf8f2303af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d6bf228-2c5c-48b2-b13f-b18fdba73bb1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:08.931805Z", + "modified": "2024-12-30T00:22:08.931805Z", + "name": "CVE-2022-49034", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK\n\nWhen CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected,\ncpu_max_bits_warn() generates a runtime warning similar as below when\nshowing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit)\ninstead of NR_CPUS to iterate CPUs.\n\n[ 3.052463] ------------[ cut here ]------------\n[ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0\n[ 3.070072] Modules linked in: efivarfs autofs4\n[ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052\n[ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000\n[ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430\n[ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff\n[ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890\n[ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa\n[ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000\n[ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000\n[ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000\n[ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286\n[ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n[ 3.195868] ...\n[ 3.199917] Call Trace:\n[ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c\n[ 
3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88\n[ 3.217625] [<900000000023d268>] __warn+0xd0/0x100\n[ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc\n[ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0\n[ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4\n[ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4\n[ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0\n[ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100\n[ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94\n[ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160\n[ 3.281824] ---[ end trace 8b484262b4b8c24c ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-49034" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3032c771-a567-4e85-b9a5-943d6bad66b6.json b/objects/vulnerability/vulnerability--3032c771-a567-4e85-b9a5-943d6bad66b6.json new file mode 100644 index 00000000000..10af9442e55 --- /dev/null +++ b/objects/vulnerability/vulnerability--3032c771-a567-4e85-b9a5-943d6bad66b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f59e90d-8aee-45c2-85b0-b550453acc9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3032c771-a567-4e85-b9a5-943d6bad66b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:11.642912Z", + "modified": "2024-12-30T00:22:11.642912Z", + "name": "CVE-2023-52718", + "description": "A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-52718", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52718" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--307e6947-e6d2-4b38-a2fb-fb4a41acadb8.json b/objects/vulnerability/vulnerability--307e6947-e6d2-4b38-a2fb-fb4a41acadb8.json new file mode 100644 index 00000000000..d1d4563cc14 --- /dev/null +++ b/objects/vulnerability/vulnerability--307e6947-e6d2-4b38-a2fb-fb4a41acadb8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a2440aa-8b9b-4977-8f33-783c309aeeeb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--307e6947-e6d2-4b38-a2fb-fb4a41acadb8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.495249Z", + "modified": "2024-12-30T00:22:03.495249Z", + "name": "CVE-2024-56549", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncachefiles: Fix NULL pointer dereference in object->file\n\nAt present, the object->file has the NULL pointer dereference problem in\nondemand-mode. The root cause is that the allocated fd and object->file\nlifetime are inconsistent, and the user-space invocation to anon_fd uses\nobject->file. Following is the process that triggers the issue:\n\n\t [write fd]\t\t\t\t[umount]\ncachefiles_ondemand_fd_write_iter\n\t\t\t\t fscache_cookie_state_machine\n\t\t\t\t\t cachefiles_withdraw_cookie\n if (!file) return -ENOBUFS\n\t\t\t\t\t cachefiles_clean_up_object\n\t\t\t\t\t cachefiles_unmark_inode_in_use\n\t\t\t\t\t fput(object->file)\n\t\t\t\t\t object->file = NULL\n // file NULL pointer dereference!\n __cachefiles_write(..., file, ...)\n\nFix this issue by add an additional reference count to the object->file\nbefore write/llseek, and decrement after it finished.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56549" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--31a30e01-ffc4-448a-8d53-e9675d63adc7.json b/objects/vulnerability/vulnerability--31a30e01-ffc4-448a-8d53-e9675d63adc7.json new file mode 100644 index 00000000000..9859a0192a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--31a30e01-ffc4-448a-8d53-e9675d63adc7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f6e0909-1182-4a04-bfc4-96bcc757123a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31a30e01-ffc4-448a-8d53-e9675d63adc7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.537159Z", + "modified": "2024-12-30T00:22:03.537159Z", + "name": "CVE-2024-56717", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()\n\nPackets injected by the CPU should have a SRC_PORT field equal to the\nCPU port module index in the Analyzer block (ocelot->num_phys_ports).\n\nThe blamed commit copied the ocelot_ifh_set_basic() call incorrectly\nfrom ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling\nwith \"x\", it calls with BIT_ULL(x), but the field is not a port mask,\nbut rather a single port index.\n\n[ side note: this is the technical debt of code duplication :( ]\n\nThe error used to be silent and doesn't appear to have other\nuser-visible manifestations, but with new changes in the packing\nlibrary, it now fails loudly as follows:\n\n------------[ cut here ]------------\nCannot store 0x40 inside bits 46-43 - will truncate\nsja1105 spi2.0: xmit timed out\nWARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198\nsja1105 spi2.0: timed out polling for tstamp\nCPU: 1 UID: 0 PID: 102 Comm: felix_xmit\nTainted: G W N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605\nCall trace:\n __pack+0x90/0x198 (P)\n __pack+0x90/0x198 (L)\n packing+0x78/0x98\n ocelot_ifh_set_basic+0x260/0x368\n ocelot_port_inject_frame+0xa8/0x250\n felix_port_deferred_xmit+0x14c/0x258\n kthread_worker_fn+0x134/0x350\n kthread+0x114/0x138\n\nThe code path pertains to the ocelot switchdev driver and to the felix\nsecondary DSA tag protocol, ocelot-8021q. 
Here seen with ocelot-8021q.\n\nThe messenger (packing) is not really to blame, so fix the original\ncommit instead.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56717" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3204b58d-1401-4718-9e7a-501ef8d3d014.json b/objects/vulnerability/vulnerability--3204b58d-1401-4718-9e7a-501ef8d3d014.json new file mode 100644 index 00000000000..9b050ce2d47 --- /dev/null +++ b/objects/vulnerability/vulnerability--3204b58d-1401-4718-9e7a-501ef8d3d014.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16a9f86f-6da4-4222-8e5d-af6c9374a106", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3204b58d-1401-4718-9e7a-501ef8d3d014", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.119825Z", + "modified": "2024-12-30T00:22:02.119825Z", + "name": "CVE-2024-11644", + "description": "The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--32be6e42-5e2e-41d7-8e84-4f9cbc6251d1.json b/objects/vulnerability/vulnerability--32be6e42-5e2e-41d7-8e84-4f9cbc6251d1.json new file mode 100644 index 00000000000..6b4a42c62ae --- /dev/null +++ b/objects/vulnerability/vulnerability--32be6e42-5e2e-41d7-8e84-4f9cbc6251d1.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db78d60e-2faa-46ba-aa6b-7cc908ecc278",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--32be6e42-5e2e-41d7-8e84-4f9cbc6251d1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.548381Z",
+ "modified": "2024-12-30T00:22:03.548381Z",
+ "name": "CVE-2024-56634",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: grgpio: Add NULL check in grgpio_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in grgpio_probe is not checked.\nAdd NULL check in grgpio_probe, to handle kernel NULL\npointer dereference error.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56634"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33083791-81e4-4100-acd5-d43c73d3d0f7.json b/objects/vulnerability/vulnerability--33083791-81e4-4100-acd5-d43c73d3d0f7.json
new file mode 100644
index 00000000000..a1885aeb075
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33083791-81e4-4100-acd5-d43c73d3d0f7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c617353d-34f3-4b8a-9054-ca86e6cd3f65",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--33083791-81e4-4100-acd5-d43c73d3d0f7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.392066Z",
+ "modified": "2024-12-30T00:22:03.392066Z",
+ "name": "CVE-2024-56727",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c\n\nAdding error pointer check after calling otx2_mbox_get_rsp().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56727"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--33d98a3a-b928-4022-869f-6a1aa4915b9a.json b/objects/vulnerability/vulnerability--33d98a3a-b928-4022-869f-6a1aa4915b9a.json
new file mode 100644
index 00000000000..a66e63c75b6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--33d98a3a-b928-4022-869f-6a1aa4915b9a.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b94595f0-bf29-4d81-a2bf-2b030b5cc755", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33d98a3a-b928-4022-869f-6a1aa4915b9a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.384781Z", + "modified": "2024-12-30T00:22:02.384781Z", + "name": "CVE-2024-53176", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: During unmount, ensure all cached dir instances drop their dentry\n\nThe unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can\nrace with various cached directory operations, which ultimately results\nin dentries not being dropped and these kernel BUGs:\n\nBUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nVFS: Busy inodes after unmount of cifs (cifs)\n------------[ cut here ]------------\nkernel BUG at fs/super.c:661!\n\nThis happens when a cfid is in the process of being cleaned up when, and\nhas been removed from the cfids->entries list, including:\n\n- Receiving a lease break from the server\n- Server reconnection triggers invalidate_all_cached_dirs(), which\n removes all the cfids from the list\n- The laundromat thread decides to expire an old cfid.\n\nTo solve these problems, dropping the dentry is done in queued work done\nin a newly-added cfid_put_wq workqueue, and close_all_cached_dirs()\nflushes that workqueue after it drops all the dentries of which it's\naware. 
This is a global workqueue (rather than scoped to a mount), but\nthe queued work is minimal.\n\nThe final cleanup work for cleaning up a cfid is performed via work\nqueued in the serverclose_wq workqueue; this is done separate from\ndropping the dentries so that close_all_cached_dirs() doesn't block on\nany server operations.\n\nBoth of these queued works expect to invoked with a cfid reference and\na tcon reference to avoid those objects from being freed while the work\nis ongoing.\n\nWhile we're here, add proper locking to close_all_cached_dirs(), and\nlocking around the freeing of cfid->dentry.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53176" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3429714e-c6e5-4f27-b033-fac53545b840.json b/objects/vulnerability/vulnerability--3429714e-c6e5-4f27-b033-fac53545b840.json new file mode 100644 index 00000000000..e9d0448c94a --- /dev/null +++ b/objects/vulnerability/vulnerability--3429714e-c6e5-4f27-b033-fac53545b840.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72d7ec37-de88-420d-ba71-6592986b9953", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3429714e-c6e5-4f27-b033-fac53545b840", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.481528Z", + "modified": "2024-12-30T00:22:02.481528Z", + "name": "CVE-2024-53230", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()\n\ncpufreq_cpu_get_raw() may return NULL if the cpu is not in\npolicy->cpus cpu mask and it will cause null pointer dereference,\nso check NULL for cppc_get_cpu_cost().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53230" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--34f8bc7b-1a9a-4c7f-a143-754f5add5753.json b/objects/vulnerability/vulnerability--34f8bc7b-1a9a-4c7f-a143-754f5add5753.json
new file mode 100644
index 00000000000..b40aa2eed7a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--34f8bc7b-1a9a-4c7f-a143-754f5add5753.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--04900b13-2ea0-4a98-a542-09d4a636d17c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--34f8bc7b-1a9a-4c7f-a143-754f5add5753",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.435942Z",
+ "modified": "2024-12-30T00:22:02.435942Z",
+ "name": "CVE-2024-53187",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for overflows in io_pin_pages\n\nWARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144\nCPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0\nCall Trace:\n \n __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183\n io_rings_map io_uring/io_uring.c:2611 [inline]\n io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470\n io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692\n io_uring_setup io_uring/io_uring.c:3781 [inline]\n ...\n \n\nio_pin_pages()'s uaddr parameter came directly from the user and can be\ngarbage. Don't just add size to it as it can overflow.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53187"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--35969143-9a30-46be-9b73-7e7f741038fb.json b/objects/vulnerability/vulnerability--35969143-9a30-46be-9b73-7e7f741038fb.json
new file mode 100644
index 00000000000..16a7ad39d1d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--35969143-9a30-46be-9b73-7e7f741038fb.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b5a2a8d0-41b9-4b76-bd21-c2fd0257481d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--35969143-9a30-46be-9b73-7e7f741038fb",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.369966Z",
+ "modified": "2024-12-30T00:22:02.369966Z",
+ "name": "CVE-2024-53202",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware_loader: Fix possible resource leak in fw_log_firmware_info()\n\nThe alg instance should be released under the exception path, otherwise\nthere may be resource leak here.\n\nTo mitigate this, free the alg instance with crypto_free_shash when kmalloc\nfails.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53202"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3640d8ae-e311-4ca6-bbcd-0166d119e953.json b/objects/vulnerability/vulnerability--3640d8ae-e311-4ca6-bbcd-0166d119e953.json
new file mode 100644
index 00000000000..08d80bc5241
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3640d8ae-e311-4ca6-bbcd-0166d119e953.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--94defa9b-06de-45be-b8c0-0b49584b24ba",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3640d8ae-e311-4ca6-bbcd-0166d119e953",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.967219Z",
+ "modified": "2024-12-30T00:22:03.967219Z",
+ "name": "CVE-2024-13025",
+ "description": "A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13025"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--368ee899-4bc2-4456-afd9-5fdbd07f41c2.json b/objects/vulnerability/vulnerability--368ee899-4bc2-4456-afd9-5fdbd07f41c2.json
new file mode 100644
index 00000000000..c47d7ac4da7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--368ee899-4bc2-4456-afd9-5fdbd07f41c2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0bd7f205-591d-4604-8d7c-c08d8439ed60",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--368ee899-4bc2-4456-afd9-5fdbd07f41c2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.480647Z",
+ "modified": "2024-12-30T00:22:03.480647Z",
+ "name": "CVE-2024-56711",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference\n\ndrm_mode_duplicate() could return NULL due to lack of memory,\nwhich will then call NULL pointer dereference. Add a check to\nprevent it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56711"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--39c2c6df-5f39-4677-a20f-5feecbce897a.json b/objects/vulnerability/vulnerability--39c2c6df-5f39-4677-a20f-5feecbce897a.json
new file mode 100644
index 00000000000..4ed5d943af9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--39c2c6df-5f39-4677-a20f-5feecbce897a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d63b23d2-4a3d-406e-94ed-419273649ff8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--39c2c6df-5f39-4677-a20f-5feecbce897a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.962151Z",
+ "modified": "2024-12-30T00:22:03.962151Z",
+ "name": "CVE-2024-13008",
+ "description": "A vulnerability has been found in code-projects Responsive Hotel Site 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/newsletter.php. The manipulation of the argument eid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13008"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3aa12f55-2316-49c5-8e9b-9ad57407744b.json b/objects/vulnerability/vulnerability--3aa12f55-2316-49c5-8e9b-9ad57407744b.json
new file mode 100644
index 00000000000..61486a58c9d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3aa12f55-2316-49c5-8e9b-9ad57407744b.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3f87d5c-1978-4832-b1fc-9dbf80e5170a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3aa12f55-2316-49c5-8e9b-9ad57407744b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.589416Z", + "modified": "2024-12-30T00:22:03.589416Z", + "name": "CVE-2024-56582", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free in btrfs_encoded_read_endio()\n\nShinichiro reported the following use-after free that sometimes is\nhappening in our CI system when running fstests' btrfs/284 on a TCMU\nrunner device:\n\n BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780\n Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219\n\n CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15\n Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020\n Workqueue: btrfs-endio btrfs_end_bio_work [btrfs]\n Call Trace:\n \n dump_stack_lvl+0x6e/0xa0\n ? lock_release+0x708/0x780\n print_report+0x174/0x505\n ? lock_release+0x708/0x780\n ? __virt_addr_valid+0x224/0x410\n ? lock_release+0x708/0x780\n kasan_report+0xda/0x1b0\n ? lock_release+0x708/0x780\n ? __wake_up+0x44/0x60\n lock_release+0x708/0x780\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? lock_is_held_type+0x9a/0x110\n _raw_spin_unlock_irqrestore+0x1f/0x60\n __wake_up+0x44/0x60\n btrfs_encoded_read_endio+0x14b/0x190 [btrfs]\n btrfs_check_read_bio+0x8d9/0x1360 [btrfs]\n ? lock_release+0x1b0/0x780\n ? trace_lock_acquire+0x12f/0x1a0\n ? __pfx_btrfs_check_read_bio+0x10/0x10 [btrfs]\n ? process_one_work+0x7e3/0x1460\n ? lock_acquire+0x31/0xc0\n ? process_one_work+0x7e3/0x1460\n process_one_work+0x85c/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5e6/0xfc0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x2c3/0x3a0\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork+0x31/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\n Allocated by task 3661:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n btrfs_encoded_read_regular_fill_pages+0x16c/0x6d0 [btrfs]\n send_extent_data+0xf0f/0x24a0 [btrfs]\n process_extent+0x48a/0x1830 [btrfs]\n changed_cb+0x178b/0x2ea0 [btrfs]\n btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n _btrfs_ioctl_send+0x117/0x330 [btrfs]\n btrfs_ioctl+0x184a/0x60a0 [btrfs]\n __x64_sys_ioctl+0x12e/0x1a0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n Freed by task 3661:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x4f/0x70\n kfree+0x143/0x490\n btrfs_encoded_read_regular_fill_pages+0x531/0x6d0 [btrfs]\n send_extent_data+0xf0f/0x24a0 [btrfs]\n process_extent+0x48a/0x1830 [btrfs]\n changed_cb+0x178b/0x2ea0 [btrfs]\n btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs]\n _btrfs_ioctl_send+0x117/0x330 [btrfs]\n btrfs_ioctl+0x184a/0x60a0 [btrfs]\n __x64_sys_ioctl+0x12e/0x1a0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff888106a83f00\n which belongs to the cache kmalloc-rnd-07-96 of size 96\n The buggy address is located 24 bytes inside of\n freed 96-byte region [ffff888106a83f00, ffff888106a83f60)\n\n The buggy address belongs to the physical page:\n page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106a83800 pfn:0x106a83\n flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n page_type: f5(slab)\n raw: 0017ffffc0000000 ffff888100053680 ffffea0004917200 0000000000000004\n raw: ffff888106a83800 0000000080200019 00000001f5000000 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888106a83e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff888106a83e80: fa fb fb fb fb fb fb fb fb fb fb fb fc 
fc fc fc\n >ffff888106a83f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ^\n ffff888106a83f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n ffff888106a84000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ==================================================================\n\nFurther analyzing the trace and \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56582" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b534657-2a9c-40c3-af97-be286bfb6a48.json b/objects/vulnerability/vulnerability--3b534657-2a9c-40c3-af97-be286bfb6a48.json new file mode 100644 index 00000000000..b1990a45919 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b534657-2a9c-40c3-af97-be286bfb6a48.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e5a0016-6818-4271-9376-968b9eecea90", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b534657-2a9c-40c3-af97-be286bfb6a48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.748978Z", + "modified": "2024-12-30T00:22:03.748978Z", + "name": "CVE-2024-46972", + "description": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46972" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c6f7c46-1abc-41c7-bfbc-ad18a5e141af.json b/objects/vulnerability/vulnerability--3c6f7c46-1abc-41c7-bfbc-ad18a5e141af.json new file mode 100644 index 00000000000..87a5620e348 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c6f7c46-1abc-41c7-bfbc-ad18a5e141af.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--edcc425f-4904-481e-874c-8a682d17a9a4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3c6f7c46-1abc-41c7-bfbc-ad18a5e141af",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.59613Z",
+ "modified": "2024-12-30T00:22:03.59613Z",
+ "name": "CVE-2024-56665",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog\n\nSyzbot reported [1] crash that happens for following tracing scenario:\n\n - create tracepoint perf event with attr.inherit=1, attach it to the\n process and set bpf program to it\n - attached process forks -> chid creates inherited event\n\n the new child event shares the parent's bpf program and tp_event\n (hence prog_array) which is global for tracepoint\n\n - exit both process and its child -> release both events\n - first perf_event_detach_bpf_prog call will release tp_event->prog_array\n and second perf_event_detach_bpf_prog will crash, because\n tp_event->prog_array is NULL\n\nThe fix makes sure the perf_event_detach_bpf_prog checks prog_array\nis valid before it tries to remove the bpf program from it.\n\n[1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56665"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3cbff447-8dcb-4320-a6c3-dff98c34af20.json b/objects/vulnerability/vulnerability--3cbff447-8dcb-4320-a6c3-dff98c34af20.json
new file mode 100644
index 00000000000..8fdb89ad874
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3cbff447-8dcb-4320-a6c3-dff98c34af20.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b5b3eb02-8cd8-4caf-a5e4-9ad78f786d9c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3cbff447-8dcb-4320-a6c3-dff98c34af20",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.520567Z",
+ "modified": "2024-12-30T00:22:03.520567Z",
+ "name": "CVE-2024-56738",
+ "description": "GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56738"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3cdf1aa7-4f64-48aa-ae98-b667b3887eb7.json b/objects/vulnerability/vulnerability--3cdf1aa7-4f64-48aa-ae98-b667b3887eb7.json
new file mode 100644
index 00000000000..6e688967203
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3cdf1aa7-4f64-48aa-ae98-b667b3887eb7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--135f628e-f6c5-4d0d-a2a7-a395e41217a0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3cdf1aa7-4f64-48aa-ae98-b667b3887eb7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.363544Z",
+ "modified": "2024-12-30T00:22:02.363544Z",
+ "name": "CVE-2024-53220",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to account dirty data in __get_secs_required()\n\nIt will trigger system panic w/ testcase in [1]:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2752!\nRIP: 0010:new_curseg+0xc81/0x2110\nCall Trace:\n f2fs_allocate_data_block+0x1c91/0x4540\n do_write_page+0x163/0xdf0\n f2fs_outplace_write_data+0x1aa/0x340\n f2fs_do_write_data_page+0x797/0x2280\n f2fs_write_single_data_page+0x16cd/0x2190\n f2fs_write_cache_pages+0x994/0x1c80\n f2fs_write_data_pages+0x9cc/0xea0\n do_writepages+0x194/0x7a0\n filemap_fdatawrite_wbc+0x12b/0x1a0\n __filemap_fdatawrite_range+0xbb/0xf0\n file_write_and_wait_range+0xa1/0x110\n f2fs_do_sync_file+0x26f/0x1c50\n f2fs_sync_file+0x12b/0x1d0\n vfs_fsync_range+0xfa/0x230\n do_fsync+0x3d/0x80\n __x64_sys_fsync+0x37/0x50\n x64_sys_call+0x1e88/0x20d0\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is if checkpoint_disabling and lfs_mode are both on,\nit will trigger OPU for all overwritten data, it may cost more free\nsegment than expected, so f2fs must account those data correctly to\ncalculate cosumed free segments later, and return ENOSPC earlier to\navoid run out of free segment during block allocation.\n\n[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53220"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3eac7649-0aef-437d-96ad-914cb847ef6f.json b/objects/vulnerability/vulnerability--3eac7649-0aef-437d-96ad-914cb847ef6f.json
new file mode 100644
index 00000000000..de75975dae1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3eac7649-0aef-437d-96ad-914cb847ef6f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--500a24c7-385e-40ac-a650-a08c19d40c6f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3eac7649-0aef-437d-96ad-914cb847ef6f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.564345Z",
+ "modified": "2024-12-30T00:22:03.564345Z",
+ "name": "CVE-2024-56550",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/stacktrace: Use break instead of return statement\n\narch_stack_walk_user_common() contains a return statement instead of a\nbreak statement in case store_ip() fails while trying to store a callchain\nentry of a user space process.\nThis may lead to a missing pagefault_enable() call.\n\nIf this happens any subsequent page fault of the process won't be resolved\nby the page fault handler and this in turn will lead to the process being\nkilled.\n\nUse a break instead of a return statement to fix this.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56550"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3f0064da-6971-4e99-8443-69bbe43ce410.json b/objects/vulnerability/vulnerability--3f0064da-6971-4e99-8443-69bbe43ce410.json
new file mode 100644
index 00000000000..780075d6355
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3f0064da-6971-4e99-8443-69bbe43ce410.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad94c016-34fd-4314-b3e4-cfb970328d2e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3f0064da-6971-4e99-8443-69bbe43ce410",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.414522Z",
+ "modified": "2024-12-30T00:22:03.414522Z",
+ "name": "CVE-2024-56704",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: fix release of IRQ\n\nKernel logs indicate an IRQ was double-freed.\n\nPass correct device ID during IRQ release.\n\n[Dominique: remove confusing variable reset to 0]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56704"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--42172b37-fb2c-4246-9dae-d8e73d75d7ee.json b/objects/vulnerability/vulnerability--42172b37-fb2c-4246-9dae-d8e73d75d7ee.json
new file mode 100644
index 00000000000..97aa6e8c1fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--42172b37-fb2c-4246-9dae-d8e73d75d7ee.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6ce5276e-0337-4f05-92e3-d915eaf271a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--42172b37-fb2c-4246-9dae-d8e73d75d7ee",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.486154Z",
+ "modified": "2024-12-30T00:22:03.486154Z",
+ "name": "CVE-2024-56630",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: free inode when ocfs2_get_init_inode() fails\n\nsyzbot is reporting busy inodes after unmount, for commit 9c89fe0af826\n(\"ocfs2: Handle error from dquot_initialize()\") forgot to call iput() when\nnew_inode() succeeded and dquot_initialize() failed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56630"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--42e68b3f-74b8-411c-984a-fd6394c2d69f.json b/objects/vulnerability/vulnerability--42e68b3f-74b8-411c-984a-fd6394c2d69f.json
new file mode 100644
index 00000000000..8016f25909b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--42e68b3f-74b8-411c-984a-fd6394c2d69f.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--599ecd0d-8837-4eaf-a47a-fdc4ac602b4b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42e68b3f-74b8-411c-984a-fd6394c2d69f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.390667Z", + "modified": "2024-12-30T00:22:02.390667Z", + "name": "CVE-2024-53171", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit\n\nAfter an insertion in TNC, the tree might split and cause a node to\nchange its `znode->parent`. A further deletion of other nodes in the\ntree (which also could free the nodes), the aforementioned node's\n`znode->cparent` could still point to a freed node. This\n`znode->cparent` may not be updated when getting nodes to commit in\n`ubifs_tnc_start_commit()`. This could then trigger a use-after-free\nwhen accessing the `znode->cparent` in `write_index()` in\n`ubifs_tnc_end_commit()`.\n\nThis can be triggered by running\n\n rm -f /etc/test-file.bin\n dd if=/dev/urandom of=/etc/test-file.bin bs=1M count=60 conv=fsync\n\nin a loop, and with `CONFIG_UBIFS_FS_AUTHENTICATION`. 
KASAN then\nreports:\n\n BUG: KASAN: use-after-free in ubifs_tnc_end_commit+0xa5c/0x1950\n Write of size 32 at addr ffffff800a3af86c by task ubifs_bgt0_20/153\n\n Call trace:\n dump_backtrace+0x0/0x340\n show_stack+0x18/0x24\n dump_stack_lvl+0x9c/0xbc\n print_address_description.constprop.0+0x74/0x2b0\n kasan_report+0x1d8/0x1f0\n kasan_check_range+0xf8/0x1a0\n memcpy+0x84/0xf4\n ubifs_tnc_end_commit+0xa5c/0x1950\n do_commit+0x4e0/0x1340\n ubifs_bg_thread+0x234/0x2e0\n kthread+0x36c/0x410\n ret_from_fork+0x10/0x20\n\n Allocated by task 401:\n kasan_save_stack+0x38/0x70\n __kasan_kmalloc+0x8c/0xd0\n __kmalloc+0x34c/0x5bc\n tnc_insert+0x140/0x16a4\n ubifs_tnc_add+0x370/0x52c\n ubifs_jnl_write_data+0x5d8/0x870\n do_writepage+0x36c/0x510\n ubifs_writepage+0x190/0x4dc\n __writepage+0x58/0x154\n write_cache_pages+0x394/0x830\n do_writepages+0x1f0/0x5b0\n filemap_fdatawrite_wbc+0x170/0x25c\n file_write_and_wait_range+0x140/0x190\n ubifs_fsync+0xe8/0x290\n vfs_fsync_range+0xc0/0x1e4\n do_fsync+0x40/0x90\n __arm64_sys_fsync+0x34/0x50\n invoke_syscall.constprop.0+0xa8/0x260\n do_el0_svc+0xc8/0x1f0\n el0_svc+0x34/0x70\n el0t_64_sync_handler+0x108/0x114\n el0t_64_sync+0x1a4/0x1a8\n\n Freed by task 403:\n kasan_save_stack+0x38/0x70\n kasan_set_track+0x28/0x40\n kasan_set_free_info+0x28/0x4c\n __kasan_slab_free+0xd4/0x13c\n kfree+0xc4/0x3a0\n tnc_delete+0x3f4/0xe40\n ubifs_tnc_remove_range+0x368/0x73c\n ubifs_tnc_remove_ino+0x29c/0x2e0\n ubifs_jnl_delete_inode+0x150/0x260\n ubifs_evict_inode+0x1d4/0x2e4\n evict+0x1c8/0x450\n iput+0x2a0/0x3c4\n do_unlinkat+0x2cc/0x490\n __arm64_sys_unlinkat+0x90/0x100\n invoke_syscall.constprop.0+0xa8/0x260\n do_el0_svc+0xc8/0x1f0\n el0_svc+0x34/0x70\n el0t_64_sync_handler+0x108/0x114\n el0t_64_sync+0x1a4/0x1a8\n\nThe offending `memcpy()` in `ubifs_copy_hash()` has a use-after-free\nwhen a node becomes root in TNC but still has a `cparent` to an already\nfreed node. 
More specifically, consider the following TNC:\n\n zroot\n /\n /\n zp1\n /\n /\n zn\n\nInserting a new node `zn_new` with a key smaller then `zn` will trigger\na split in `tnc_insert()` if `zp1` is full:\n\n zroot\n / \\\n / \\\n zp1 zp2\n / \\\n / \\\n zn_new zn\n\n`zn->parent` has now been moved to `zp2`, *but* `zn->cparent` still\npoints to `zp1`.\n\nNow, consider a removal of all the nodes _except_ `zn`. Just when\n`tnc_delete()` is about to delete `zroot` and `zp2`:\n\n zroot\n \\\n \\\n zp2\n \\\n \\\n zn\n\n`zroot` and `zp2` get freed and the tree collapses:\n\n zn\n\n`zn` now becomes the new `zroot`.\n\n`get_znodes_to_commit()` will now only find `zn`, the new `zroot`, and\n`write_index()` will check its `znode->cparent` that wrongly points to\nthe already freed `zp1`. `ubifs_copy_hash()` thus gets wrongly called\nwith `znode->cparent->zbranch[znode->iip].hash` that triggers the\nuse-after-free!\n\nFix this by explicitly setting `znode->cparent` to `NULL` in\n`get_znodes_to_commit()` for the root node. The search for the dirty\nnodes\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53171" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44071b5c-a896-40be-b881-4cd9b1bd70cb.json b/objects/vulnerability/vulnerability--44071b5c-a896-40be-b881-4cd9b1bd70cb.json new file mode 100644 index 00000000000..8d74dbc2662 --- /dev/null +++ b/objects/vulnerability/vulnerability--44071b5c-a896-40be-b881-4cd9b1bd70cb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4145d381-5a6d-45d4-b785-77d8c9be2e16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44071b5c-a896-40be-b881-4cd9b1bd70cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.964179Z", + "modified": "2024-12-30T00:22:03.964179Z", + "name": "CVE-2024-13018", + "description": "A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--441e1a1a-3537-4ec9-8560-0b23eb94c874.json b/objects/vulnerability/vulnerability--441e1a1a-3537-4ec9-8560-0b23eb94c874.json new file mode 100644 index 00000000000..7103cd9d322 --- /dev/null +++ b/objects/vulnerability/vulnerability--441e1a1a-3537-4ec9-8560-0b23eb94c874.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1894f62-d0c0-4587-a8da-0f367e3f1fbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--441e1a1a-3537-4ec9-8560-0b23eb94c874", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.420462Z", + "modified": "2024-12-30T00:22:03.420462Z", + "name": "CVE-2024-56700", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: wl128x: Fix atomicity violation in fmc_send_cmd()\n\nAtomicity violation occurs when the fmc_send_cmd() function is executed\nsimultaneously with the modification of the fmdev->resp_skb value.\nConsider a scenario where, after passing the validity check within the\nfunction, a non-null fmdev->resp_skb variable is assigned a null value.\nThis results in an invalid fmdev->resp_skb variable passing the validity\ncheck. As seen in the later part of the function, skb = fmdev->resp_skb;\nwhen the invalid fmdev->resp_skb passes the check, a null pointer\ndereference error may occur at line 478, evt_hdr = (void *)skb->data;\n\nTo address this issue, it is recommended to include the validity check of\nfmdev->resp_skb within the locked section of the function. This\nmodification ensures that the value of fmdev->resp_skb does not change\nduring the validation process, thereby maintaining its validity.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by our team. This tool analyzes the locking APIs\nto extract function pairs that can be concurrently executed, and then\nanalyzes the instructions in the paired functions to identify possible\nconcurrency bugs including data races and atomicity violations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56700" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--44d351d7-09ba-4147-99af-bfae16a00061.json b/objects/vulnerability/vulnerability--44d351d7-09ba-4147-99af-bfae16a00061.json new file mode 100644 index 00000000000..d08a0962a9c --- /dev/null +++ b/objects/vulnerability/vulnerability--44d351d7-09ba-4147-99af-bfae16a00061.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b84200af-e5a5-4ca0-9eb2-d7833a8b1d3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44d351d7-09ba-4147-99af-bfae16a00061", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.478477Z", + "modified": "2024-12-30T00:22:03.478477Z", + "name": "CVE-2024-56591", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: Use disable_delayed_work_sync\n\nThis makes use of disable_delayed_work_sync instead\ncancel_delayed_work_sync as it not only cancel the ongoing work but also\ndisables new submit which is disarable since the object holding the work\nis about to be freed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44f7c7af-4604-4a85-9514-d8c9d8c31c37.json b/objects/vulnerability/vulnerability--44f7c7af-4604-4a85-9514-d8c9d8c31c37.json new file mode 100644 index 00000000000..3f75b59666d --- /dev/null +++ b/objects/vulnerability/vulnerability--44f7c7af-4604-4a85-9514-d8c9d8c31c37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3796e0a8-d06b-4712-a108-7467f1fe7356", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44f7c7af-4604-4a85-9514-d8c9d8c31c37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.49873Z", + "modified": "2024-12-30T00:22:03.49873Z", + "name": "CVE-2024-56696", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd NULL checks for all the kunit_kzalloc() in sound_kunit.c", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4530eb25-2683-4082-a53d-02fb9030ff6f.json b/objects/vulnerability/vulnerability--4530eb25-2683-4082-a53d-02fb9030ff6f.json new file mode 100644 index 00000000000..440f4b6ddd7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4530eb25-2683-4082-a53d-02fb9030ff6f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fa5e1148-4f38-4906-8a16-8ca53f4463ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4530eb25-2683-4082-a53d-02fb9030ff6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.585511Z", + "modified": "2024-12-30T00:22:03.585511Z", + "name": "CVE-2024-56698", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix looping of queued SG entries\n\nThe dwc3_request->num_queued_sgs is decremented on completion. If a\npartially completed request is handled, then the\ndwc3_request->num_queued_sgs no longer reflects the total number of\nnum_queued_sgs (it would be cleared).\n\nCorrectly check the number of request SG entries remained to be prepare\nand queued. Failure to do this may cause null pointer dereference when\naccessing non-existent SG entry.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56698" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45d9d5ba-9067-4106-8a42-aa99e56b3b17.json b/objects/vulnerability/vulnerability--45d9d5ba-9067-4106-8a42-aa99e56b3b17.json new file mode 100644 index 00000000000..78c594bb37b --- /dev/null +++ b/objects/vulnerability/vulnerability--45d9d5ba-9067-4106-8a42-aa99e56b3b17.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7f7a60d-4f4b-491b-8987-ab37e3ce7b4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45d9d5ba-9067-4106-8a42-aa99e56b3b17", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.394078Z", + "modified": "2024-12-30T00:22:02.394078Z", + "name": "CVE-2024-53236", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Free skb when TX metadata options are invalid\n\nWhen a new skb is allocated for transmitting an xsk descriptor, i.e., for\nevery non-multibuf descriptor or the first frag of a multibuf descriptor,\nbut the descriptor is later found to have invalid options set for the TX\nmetadata, the new skb is never freed. This can leak skbs until the send\nbuffer is full which makes sending more packets impossible.\n\nFix this by freeing the skb in the error path if we are currently dealing\nwith the first frag, i.e., an skb allocated in this iteration of\nxsk_build_skb.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--47986c6c-e3f3-41c9-b81e-b722f924a929.json b/objects/vulnerability/vulnerability--47986c6c-e3f3-41c9-b81e-b722f924a929.json new file mode 100644 index 00000000000..ea04173d467 --- /dev/null +++ b/objects/vulnerability/vulnerability--47986c6c-e3f3-41c9-b81e-b722f924a929.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0de5e66e-3c34-4c3c-97b0-9fdcaef4d4c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--47986c6c-e3f3-41c9-b81e-b722f924a929", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.561891Z", + "modified": "2024-12-30T00:22:03.561891Z", + "name": "CVE-2024-56641", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: initialize close_work early to avoid warning\n\nWe encountered a warning that close_work was canceled before\ninitialization.\n\n WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n Workqueue: events smc_lgr_terminate_work [smc]\n RIP: 0010:__flush_work+0x19e/0x1b0\n Call Trace:\n ? __wake_up_common+0x7a/0x190\n ? work_busy+0x80/0x80\n __cancel_work_timer+0xe3/0x160\n smc_close_cancel_work+0x1a/0x70 [smc]\n smc_close_active_abort+0x207/0x360 [smc]\n __smc_lgr_terminate.part.38+0xc8/0x180 [smc]\n process_one_work+0x19e/0x340\n worker_thread+0x30/0x370\n ? process_one_work+0x340/0x340\n kthread+0x117/0x130\n ? __kthread_cancel_work+0x50/0x50\n ret_from_fork+0x22/0x30\n\nThis is because when smc_close_cancel_work is triggered, e.g. 
the RDMA\ndriver is rmmod and the LGR is terminated, the conn->close_work is\nflushed before initialization, resulting in WARN_ON(!work->func).\n\n__smc_lgr_terminate | smc_connect_{rdma|ism}\n-------------------------------------------------------------\n | smc_conn_create\n\t\t\t\t| \\- smc_lgr_register_conn\nfor conn in lgr->conns_all |\n\\- smc_conn_kill |\n \\- smc_close_active_abort |\n \\- smc_close_cancel_work |\n \\- cancel_work_sync |\n \\- __flush_work |\n\t (close_work) |\n\t | smc_close_init\n\t | \\- INIT_WORK(&close_work)\n\nSo fix this by initializing close_work before establishing the\nconnection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--480469b5-fd06-4998-a1b0-44295fa7657f.json b/objects/vulnerability/vulnerability--480469b5-fd06-4998-a1b0-44295fa7657f.json new file mode 100644 index 00000000000..3c548306c63 --- /dev/null +++ b/objects/vulnerability/vulnerability--480469b5-fd06-4998-a1b0-44295fa7657f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5c9dac85-f5f7-4da1-b0a1-64e9dcc3b93c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--480469b5-fd06-4998-a1b0-44295fa7657f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.415802Z", + "modified": "2024-12-30T00:22:03.415802Z", + "name": "CVE-2024-56670", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer\n\nConsidering that in some extreme cases,\nwhen u_serial driver is accessed by multiple threads,\nThread A is executing the open operation and calling the gs_open,\nThread B is executing the disconnect operation and calling the\ngserial_disconnect function,The port->port_usb pointer will be set to NULL.\n\nE.g.\n Thread A Thread B\n gs_open() gadget_unbind_driver()\n gs_start_io() composite_disconnect()\n gs_start_rx() gserial_disconnect()\n ... 
...\n spin_unlock(&port->port_lock)\n status = usb_ep_queue() spin_lock(&port->port_lock)\n spin_lock(&port->port_lock) port->port_usb = NULL\n gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock)\n Crash\n\nThis causes thread A to access a null pointer (port->port_usb is null)\nwhen calling the gs_free_requests function, causing a crash.\n\nIf port_usb is NULL, the release request will be skipped as it\nwill be done by gserial_disconnect.\n\nSo add a null pointer check to gs_start_io before attempting\nto access the value of the pointer port->port_usb.\n\nCall trace:\n gs_start_io+0x164/0x25c\n gs_open+0x108/0x13c\n tty_open+0x314/0x638\n chrdev_open+0x1b8/0x258\n do_dentry_open+0x2c4/0x700\n vfs_open+0x2c/0x3c\n path_openat+0xa64/0xc60\n do_filp_open+0xb8/0x164\n do_sys_openat2+0x84/0xf0\n __arm64_sys_openat+0x70/0x9c\n invoke_syscall+0x58/0x114\n el0_svc_common+0x80/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x38/0x68", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56670" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--486461ef-9e41-4f55-a0f7-70c41e9eeef8.json b/objects/vulnerability/vulnerability--486461ef-9e41-4f55-a0f7-70c41e9eeef8.json new file mode 100644 index 00000000000..1f12740dfbb --- /dev/null +++ b/objects/vulnerability/vulnerability--486461ef-9e41-4f55-a0f7-70c41e9eeef8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a85aeea-942c-43e9-a5b4-1da1cc1e1989", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--486461ef-9e41-4f55-a0f7-70c41e9eeef8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.396692Z", + "modified": "2024-12-30T00:22:02.396692Z", + "name": "CVE-2024-53208", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353\nRead of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54\n\nCPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\nq kasan_report+0x143/0x180 mm/kasan/report.c:601\n set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353\n hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328\n process_one_work kernel/workqueue.c:3231 [inline]\n process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312\n worker_thread+0x86d/0xd10 kernel/workqueue.c:3389\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \n\nAllocated by task 5247:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:370 [inline]\n __kasan_kmalloc+0x98/0xb0 
mm/kasan/common.c:387\n kasan_kmalloc include/linux/kasan.h:211 [inline]\n __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193\n kmalloc_noprof include/linux/slab.h:681 [inline]\n kzalloc_noprof include/linux/slab.h:807 [inline]\n mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296\n set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394\n hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712\n hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n sock_write_iter+0x2dd/0x400 net/socket.c:1160\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xa72/0xc90 fs/read_write.c:590\n ksys_write+0x1a0/0x2c0 fs/read_write.c:643\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 5246:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579\n poison_slab_object+0xe0/0x150 mm/kasan/common.c:240\n __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256\n kasan_slab_free include/linux/kasan.h:184 [inline]\n slab_free_hook mm/slub.c:2256 [inline]\n slab_free mm/slub.c:4477 [inline]\n kfree+0x149/0x360 mm/slub.c:4598\n settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443\n mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259\n __mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455\n hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191\n hci_dev_do_close net/bluetooth/hci_core.c:483 [inline]\n hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 
[inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83gv\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53208" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4880934e-f6e5-4fc4-bc78-0b6dd77f8c81.json b/objects/vulnerability/vulnerability--4880934e-f6e5-4fc4-bc78-0b6dd77f8c81.json new file mode 100644 index 00000000000..ce15360c907 --- /dev/null +++ b/objects/vulnerability/vulnerability--4880934e-f6e5-4fc4-bc78-0b6dd77f8c81.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c6e7e4e-4fa7-44e5-844f-d9c7ba9236cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4880934e-f6e5-4fc4-bc78-0b6dd77f8c81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.958118Z", + "modified": "2024-12-30T00:22:03.958118Z", + "name": "CVE-2024-13014", + "description": "A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--499ab615-358f-4ca6-a9d7-dc235bcca284.json b/objects/vulnerability/vulnerability--499ab615-358f-4ca6-a9d7-dc235bcca284.json new file mode 100644 index 00000000000..4503ca90f43 --- /dev/null +++ b/objects/vulnerability/vulnerability--499ab615-358f-4ca6-a9d7-dc235bcca284.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e82f8879-b5af-4e0d-a6e0-3076c08e6a75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--499ab615-358f-4ca6-a9d7-dc235bcca284", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.422703Z", + "modified": "2024-12-30T00:22:03.422703Z", + "name": "CVE-2024-56573", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/libstub: Free correct pointer on failure\n\ncmdline_ptr is an out parameter, which is not allocated by the function\nitself, and likely points into the caller's stack.\n\ncmdline refers to the pool allocation that should be freed when cleaning\nup after a failure, so pass this instead to free_pool().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56573" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b1808ff-a3f8-4ab2-9d61-0130ccea6282.json b/objects/vulnerability/vulnerability--4b1808ff-a3f8-4ab2-9d61-0130ccea6282.json new file mode 100644 index 00000000000..7691176f3e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b1808ff-a3f8-4ab2-9d61-0130ccea6282.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c48149e9-63e2-4bcc-a12a-34a9d1d7a9ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b1808ff-a3f8-4ab2-9d61-0130ccea6282", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.377433Z", + "modified": "2024-12-30T00:22:02.377433Z", + "name": "CVE-2024-53185", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix NULL ptr deref in crypto_aead_setkey()\n\nNeither SMB3.0 or SMB3.02 supports encryption negotiate context, so\nwhen SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response,\nthe client uses AES-128-CCM as the default cipher. See MS-SMB2\n3.3.5.4.\n\nCommit b0abcd65ec54 (\"smb: client: fix UAF in async decryption\") added\na @server->cipher_type check to conditionally call\nsmb3_crypto_aead_allocate(), but that check would always be false as\n@server->cipher_type is unset for SMB3.02.\n\nFix the following KASAN splat by setting @server->cipher_type for\nSMB3.02 as well.\n\nmount.cifs //srv/share /mnt -o vers=3.02,seal,...\n\nBUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130\nRead of size 8 at addr 0000000000000020 by task mount.cifs/1095\nCPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41\n04/01/2014\nCall Trace:\n \n dump_stack_lvl+0x5d/0x80\n ? crypto_aead_setkey+0x2c/0x130\n kasan_report+0xda/0x110\n ? crypto_aead_setkey+0x2c/0x130\n crypto_aead_setkey+0x2c/0x130\n crypt_message+0x258/0xec0 [cifs]\n ? __asan_memset+0x23/0x50\n ? __pfx_crypt_message+0x10/0x10 [cifs]\n ? mark_lock+0xb0/0x6a0\n ? hlock_class+0x32/0xb0\n ? mark_lock+0xb0/0x6a0\n smb3_init_transform_rq+0x352/0x3f0 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n smb_send_rqst+0x144/0x230 [cifs]\n ? __pfx_smb_send_rqst+0x10/0x10 [cifs]\n ? hlock_class+0x32/0xb0\n ? 
smb2_setup_request+0x225/0x3a0 [cifs]\n ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs]\n compound_send_recv+0x59b/0x1140 [cifs]\n ? __pfx_compound_send_recv+0x10/0x10 [cifs]\n ? __create_object+0x5e/0x90\n ? hlock_class+0x32/0xb0\n ? do_raw_spin_unlock+0x9a/0xf0\n cifs_send_recv+0x23/0x30 [cifs]\n SMB2_tcon+0x3ec/0xb30 [cifs]\n ? __pfx_SMB2_tcon+0x10/0x10 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n ? __pfx_lock_release+0x10/0x10\n ? do_raw_spin_trylock+0xc6/0x120\n ? lock_acquire+0x3f/0x90\n ? _get_xid+0x16/0xd0 [cifs]\n ? __pfx_SMB2_tcon+0x10/0x10 [cifs]\n ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs]\n cifs_get_smb_ses+0xcdd/0x10a0 [cifs]\n ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs]\n ? cifs_get_tcp_session+0xaa0/0xca0 [cifs]\n cifs_mount_get_session+0x8a/0x210 [cifs]\n dfs_mount_share+0x1b0/0x11d0 [cifs]\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_dfs_mount_share+0x10/0x10 [cifs]\n ? lock_acquire.part.0+0xf4/0x2a0\n ? find_held_lock+0x8a/0xa0\n ? hlock_class+0x32/0xb0\n ? lock_release+0x203/0x5d0\n cifs_mount+0xb3/0x3d0 [cifs]\n ? do_raw_spin_trylock+0xc6/0x120\n ? __pfx_cifs_mount+0x10/0x10 [cifs]\n ? lock_acquire+0x3f/0x90\n ? find_nls+0x16/0xa0\n ? smb3_update_mnt_flags+0x372/0x3b0 [cifs]\n cifs_smb3_do_mount+0x1e2/0xc80 [cifs]\n ? __pfx_vfs_parse_fs_string+0x10/0x10\n ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs]\n smb3_get_tree+0x1bf/0x330 [cifs]\n vfs_get_tree+0x4a/0x160\n path_mount+0x3c1/0xfb0\n ? kasan_quarantine_put+0xc7/0x1d0\n ? __pfx_path_mount+0x10/0x10\n ? kmem_cache_free+0x118/0x3e0\n ? user_path_at+0x74/0xa0\n __x64_sys_mount+0x1a6/0x1e0\n ? __pfx___x64_sys_mount+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0xbb/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53185" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4b2d712d-750e-4588-95ad-8de74405f070.json b/objects/vulnerability/vulnerability--4b2d712d-750e-4588-95ad-8de74405f070.json new file mode 100644 index 00000000000..34cd83d7e30 --- /dev/null +++ b/objects/vulnerability/vulnerability--4b2d712d-750e-4588-95ad-8de74405f070.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ac73005-bdcd-4371-9bb3-8710c8cc11b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b2d712d-750e-4588-95ad-8de74405f070", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.572669Z", + "modified": "2024-12-30T00:22:03.572669Z", + "name": "CVE-2024-56584", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/tctx: work around xa_store() allocation error issue\n\nsyzbot triggered the following WARN_ON:\n\nWARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51\n\nwhich is the\n\nWARN_ON_ONCE(!xa_empty(&tctx->xa));\n\nsanity check in __io_uring_free() when a io_uring_task is going through\nits final put. The syzbot test case includes injecting memory allocation\nfailures, and it very much looks like xa_store() can fail one of its\nmemory allocations and end up with ->head being non-NULL even though no\nentries exist in the xarray.\n\nUntil this issue gets sorted out, work around it by attempting to\niterate entries in our xarray, and WARN_ON_ONCE() if one is found.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bb1098d-5728-4278-98b0-e1d12f86766e.json b/objects/vulnerability/vulnerability--4bb1098d-5728-4278-98b0-e1d12f86766e.json new file mode 100644 index 00000000000..f698d6a9c50 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--4bb1098d-5728-4278-98b0-e1d12f86766e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8702efc2-defb-491a-a919-4256031f0f89", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bb1098d-5728-4278-98b0-e1d12f86766e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.60425Z", + "modified": "2024-12-30T00:22:03.60425Z", + "name": "CVE-2024-56703", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core—indicated by their 'next' and\n'previous' elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. 
It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 
[ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56703" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bf9d456-1383-474b-b866-d07ffc94885d.json b/objects/vulnerability/vulnerability--4bf9d456-1383-474b-b866-d07ffc94885d.json new file mode 100644 index 00000000000..c06d1861229 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bf9d456-1383-474b-b866-d07ffc94885d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--223cb653-f3dc-4bb4-95fd-b61e08ef28bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bf9d456-1383-474b-b866-d07ffc94885d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.494069Z", + "modified": "2024-12-30T00:22:03.494069Z", + "name": "CVE-2024-56728", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c03e78b-92c8-4e80-880b-0d9e3c6d5f7b.json b/objects/vulnerability/vulnerability--4c03e78b-92c8-4e80-880b-0d9e3c6d5f7b.json new file mode 100644 index 00000000000..93a6f2c817d --- /dev/null 
+++ b/objects/vulnerability/vulnerability--4c03e78b-92c8-4e80-880b-0d9e3c6d5f7b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e4e25782-7b19-4738-a587-ba871fcec26e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c03e78b-92c8-4e80-880b-0d9e3c6d5f7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.401171Z", + "modified": "2024-12-30T00:22:02.401171Z", + "name": "CVE-2024-53166", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock, bfq: fix bfqq uaf in bfq_limit_depth()\n\nSet new allocated bfqq to bic or remove freed bfqq from bic are both\nprotected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq\nfrom bic without the lock, this can lead to UAF if the io_context is\nshared by multiple tasks.\n\nFor example, test bfq with io_uring can trigger following UAF in v6.6:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50\n\nCall Trace:\n \n dump_stack_lvl+0x47/0x80\n print_address_description.constprop.0+0x66/0x300\n print_report+0x3e/0x70\n kasan_report+0xb4/0xf0\n bfqq_group+0x15/0x50\n bfqq_request_over_limit+0x130/0x9a0\n bfq_limit_depth+0x1b5/0x480\n __blk_mq_alloc_requests+0x2b5/0xa00\n blk_mq_get_new_requests+0x11d/0x1d0\n blk_mq_submit_bio+0x286/0xb00\n submit_bio_noacct_nocheck+0x331/0x400\n __block_write_full_folio+0x3d0/0x640\n writepage_cb+0x3b/0xc0\n write_cache_pages+0x254/0x6c0\n write_cache_pages+0x254/0x6c0\n do_writepages+0x192/0x310\n filemap_fdatawrite_wbc+0x95/0xc0\n __filemap_fdatawrite_range+0x99/0xd0\n filemap_write_and_wait_range.part.0+0x4d/0xa0\n blkdev_read_iter+0xef/0x1e0\n io_read+0x1b6/0x8a0\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork_asm+0x1b/0x30\n \n\nAllocated by task 808602:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n __kasan_slab_alloc+0x83/0x90\n 
kmem_cache_alloc_node+0x1b1/0x6d0\n bfq_get_queue+0x138/0xfa0\n bfq_get_bfqq_handle_split+0xe3/0x2c0\n bfq_init_rq+0x196/0xbb0\n bfq_insert_request.isra.0+0xb5/0x480\n bfq_insert_requests+0x156/0x180\n blk_mq_insert_request+0x15d/0x440\n blk_mq_submit_bio+0x8a4/0xb00\n submit_bio_noacct_nocheck+0x331/0x400\n __blkdev_direct_IO_async+0x2dd/0x330\n blkdev_write_iter+0x39a/0x450\n io_write+0x22a/0x840\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x1b/0x30\n\nFreed by task 808589:\n kasan_save_stack+0x1e/0x40\n kasan_set_track+0x21/0x30\n kasan_save_free_info+0x27/0x40\n __kasan_slab_free+0x126/0x1b0\n kmem_cache_free+0x10c/0x750\n bfq_put_queue+0x2dd/0x770\n __bfq_insert_request.isra.0+0x155/0x7a0\n bfq_insert_request.isra.0+0x122/0x480\n bfq_insert_requests+0x156/0x180\n blk_mq_dispatch_plug_list+0x528/0x7e0\n blk_mq_flush_plug_list.part.0+0xe5/0x590\n __blk_flush_plug+0x3b/0x90\n blk_finish_plug+0x40/0x60\n do_writepages+0x19d/0x310\n filemap_fdatawrite_wbc+0x95/0xc0\n __filemap_fdatawrite_range+0x99/0xd0\n filemap_write_and_wait_range.part.0+0x4d/0xa0\n blkdev_read_iter+0xef/0x1e0\n io_read+0x1b6/0x8a0\n io_issue_sqe+0x87/0x300\n io_wq_submit_work+0xeb/0x390\n io_worker_handle_work+0x24d/0x550\n io_wq_worker+0x27f/0x6c0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x1b/0x30\n\nFix the problem by protecting bic_to_bfqq() with bfqd->lock.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cedd43d-6bf6-447d-8420-f80f5899626b.json b/objects/vulnerability/vulnerability--4cedd43d-6bf6-447d-8420-f80f5899626b.json new file mode 100644 index 00000000000..225d39a6f19 --- /dev/null +++ b/objects/vulnerability/vulnerability--4cedd43d-6bf6-447d-8420-f80f5899626b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b12c8340-4d1c-4d91-b575-d1d2d99d90ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cedd43d-6bf6-447d-8420-f80f5899626b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.395424Z", + "modified": "2024-12-30T00:22:03.395424Z", + "name": "CVE-2024-56581", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: ref-verify: fix use-after-free after invalid ref action\n\nAt btrfs_ref_tree_mod() after we successfully inserted the new ref entry\n(local variable 'ref') into the respective block entry's rbtree (local\nvariable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF,\nwe error out and free the ref entry without removing it from the block\nentry's rbtree. Then in the error path of btrfs_ref_tree_mod() we call\nbtrfs_free_ref_cache(), which iterates over all block entries and then\ncalls free_block_entry() for each one, and there we will trigger a\nuse-after-free when we are called against the block entry to which we\nadded the freed ref entry to its rbtree, since the rbtree still points\nto the block entry, as we didn't remove it from the rbtree before freeing\nit in the error path at btrfs_ref_tree_mod(). 
Fix this by removing the\nnew ref entry from the rbtree before freeing it.\n\nSyzbot report this with the following stack traces:\n\n BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314\n btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline]\n btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23\n btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482\n btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293\n vfs_unlink+0x365/0x650 fs/namei.c:4469\n do_unlinkat+0x4ae/0x830 fs/namei.c:4533\n __do_sys_unlinkat fs/namei.c:4576 [inline]\n __se_sys_unlinkat fs/namei.c:4569 [inline]\n __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n BTRFS error (device loop0 state EA): Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1\n __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521\n update_ref_for_cow+0x96a/0x11f0\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline]\n __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137\n __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171\n btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313\n 
prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586\n relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611\n btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081\n btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377\n __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161\n btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538\n BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615\n __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523\n update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512\n btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594\n btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754\n btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116\n btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411\n __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030\n btrfs_update_delayed_i\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56581" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d4effe8-596d-4fad-bf02-66b4fb5c73a4.json b/objects/vulnerability/vulnerability--4d4effe8-596d-4fad-bf02-66b4fb5c73a4.json new file mode 100644 index 00000000000..40a07567c8f --- /dev/null +++ b/objects/vulnerability/vulnerability--4d4effe8-596d-4fad-bf02-66b4fb5c73a4.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5b7c6f7b-367e-4501-b9f4-1db0e35ffa5c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4d4effe8-596d-4fad-bf02-66b4fb5c73a4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.374211Z",
+ "modified": "2024-12-30T00:22:03.374211Z",
+ "name": "CVE-2024-56563",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix cred leak in ceph_mds_check_access()\n\nget_current_cred() increments the reference counter, but the\nput_cred() call was missing.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56563"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4db55808-81d6-4a2b-a6b8-6ca5085eb471.json b/objects/vulnerability/vulnerability--4db55808-81d6-4a2b-a6b8-6ca5085eb471.json
new file mode 100644
index 00000000000..8257f705496
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4db55808-81d6-4a2b-a6b8-6ca5085eb471.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ecdf7280-41b4-4a15-a9b7-f37dde5ae335",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4db55808-81d6-4a2b-a6b8-6ca5085eb471",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.542437Z",
+ "modified": "2024-12-30T00:22:03.542437Z",
+ "name": "CVE-2024-56675",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors\n\nUprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU\nprotection. But it is possible to attach a non-sleepable BPF program to a\nuprobe, and non-sleepable BPF programs are freed via normal RCU (see\n__bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal\nRCU grace period does not imply a tasks-trace-RCU grace period.\n\nFix it by explicitly waiting for a tasks-trace-RCU grace period after\nremoving the attachment of a bpf_prog to a perf_event.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56675"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4ef0294f-15ef-4bbd-a45d-78604c13bac4.json b/objects/vulnerability/vulnerability--4ef0294f-15ef-4bbd-a45d-78604c13bac4.json
new file mode 100644
index 00000000000..585eaf14f92
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4ef0294f-15ef-4bbd-a45d-78604c13bac4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--88fcb159-6cbd-4920-8b3b-865b476eda63",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4ef0294f-15ef-4bbd-a45d-78604c13bac4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.461741Z",
+ "modified": "2024-12-30T00:22:03.461741Z",
+ "name": "CVE-2024-56626",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write\n\nAn offset from client could be a negative value, It could allows\nto write data outside the bounds of the allocated buffer.\nNote that this issue is coming when setting\n'vfs objects = streams_xattr parameter' in ksmbd.conf.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56626"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4ef861e1-6633-431a-8605-b3e6ed886ed1.json b/objects/vulnerability/vulnerability--4ef861e1-6633-431a-8605-b3e6ed886ed1.json
new file mode 100644
index 00000000000..bb088fa0f35
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4ef861e1-6633-431a-8605-b3e6ed886ed1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ad7f7db1-b4fe-48c2-82bb-8df771ac38f4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4ef861e1-6633-431a-8605-b3e6ed886ed1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.593698Z",
+ "modified": "2024-12-30T00:22:03.593698Z",
+ "name": "CVE-2024-56572",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()\n\nThe buffer in the loop should be released under the exception path,\notherwise there may be a memory leak here.\n\nTo mitigate this, free the buffer when allegro_alloc_buffer fails.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56572"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4f016a3e-a327-4813-bee5-e37b2591d944.json b/objects/vulnerability/vulnerability--4f016a3e-a327-4813-bee5-e37b2591d944.json
new file mode 100644
index 00000000000..8db50e901e0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4f016a3e-a327-4813-bee5-e37b2591d944.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--247c89e3-5034-48ae-87cc-2163ca868232",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4f016a3e-a327-4813-bee5-e37b2591d944",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.405252Z",
+ "modified": "2024-12-30T00:22:03.405252Z",
+ "name": "CVE-2024-56689",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'\n\nIf platform_get_resource_byname() fails and returns NULL because DT lacks\nan 'mmio' property for the MHI endpoint, dereferencing res->start will\ncause a NULL pointer access. Add a check to prevent it.\n\n[kwilczynski: error message update per the review feedback]\n[bhelgaas: commit log]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56689"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--50174d09-3df7-4144-930e-bddc9066e02d.json b/objects/vulnerability/vulnerability--50174d09-3df7-4144-930e-bddc9066e02d.json
new file mode 100644
index 00000000000..021afdaf17a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--50174d09-3df7-4144-930e-bddc9066e02d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--52c60a3c-e667-412a-99da-d4677c0e91de",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--50174d09-3df7-4144-930e-bddc9066e02d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.489344Z",
+ "modified": "2024-12-30T00:22:03.489344Z",
+ "name": "CVE-2024-56707",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c\n\nAdd error pointer checks after calling otx2_mbox_get_rsp().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56707"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--508429a9-5ec3-4f2e-b78f-744698fe8cf5.json b/objects/vulnerability/vulnerability--508429a9-5ec3-4f2e-b78f-744698fe8cf5.json
new file mode 100644
index 00000000000..ee0b8672f19
--- /dev/null
+++ b/objects/vulnerability/vulnerability--508429a9-5ec3-4f2e-b78f-744698fe8cf5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3dbfafc3-0e75-46df-ac59-3e939f94fb1e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--508429a9-5ec3-4f2e-b78f-744698fe8cf5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.097808Z",
+ "modified": "2024-12-30T00:22:02.097808Z",
+ "name": "CVE-2024-11921",
+ "description": "The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11921"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--508666fc-3c0f-44f8-ac5e-7533d9818791.json b/objects/vulnerability/vulnerability--508666fc-3c0f-44f8-ac5e-7533d9818791.json
new file mode 100644
index 00000000000..e48b9bd7979
--- /dev/null
+++ b/objects/vulnerability/vulnerability--508666fc-3c0f-44f8-ac5e-7533d9818791.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3ce9cc47-17d9-4068-945f-99c84c10d528",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--508666fc-3c0f-44f8-ac5e-7533d9818791",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.515724Z",
+ "modified": "2024-12-30T00:22:03.515724Z",
+ "name": "CVE-2024-56753",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module\n\nThis commit addresses an omission in the previous patch related to the\ncleaner shader support for GFX9 hardware. Specifically, it adds the\nnecessary deinitialization code for the cleaner shader in the\ngfx_v9_0_sw_fini function.\n\nThe added line amdgpu_gfx_cleaner_shader_sw_fini(adev); ensures that any\nallocated resources for the cleaner shader are freed correctly, avoiding\npotential memory leaks and ensuring that the GPU state is clean for the\nnext initialization sequence.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56753"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5102ee24-e900-40d1-b1e4-ee12187fb25e.json b/objects/vulnerability/vulnerability--5102ee24-e900-40d1-b1e4-ee12187fb25e.json
new file mode 100644
index 00000000000..5701aa72c32
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5102ee24-e900-40d1-b1e4-ee12187fb25e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7e086978-4422-4f70-a004-b15768545427",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5102ee24-e900-40d1-b1e4-ee12187fb25e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.519119Z",
+ "modified": "2024-12-30T00:22:03.519119Z",
+ "name": "CVE-2024-56560",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nslab: Fix too strict alignment check in create_cache()\n\nOn m68k, where the minimum alignment of unsigned long is 2 bytes:\n\n Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22\n CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783\n Stack from 0102fe5c:\n\t 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b\n\t 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044\n\t 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007\n\t 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4\n\t 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004\n\t 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88\n Call Trace: [<00425e78>] dump_stack+0xc/0x10\n [<0041eb74>] panic+0xd8/0x26c\n [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8\n [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8\n [<0041e5f0>] memset+0x0/0x8c\n [<005f67c0>] io_uring_init+0x54/0xd2\n\nThe minimal alignment of an integral type may differ from its size,\nhence is not safe to assume that an arbitrary freeptr_t (which is\nbasically an unsigned long) is always aligned to 4 or 8 bytes.\n\nAs nothing seems to require the additional alignment, it is safe to fix\nthis by relaxing the check to the actual minimum alignment of freeptr_t.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56560"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--513c8813-40ff-4908-935f-c7f2dbda0190.json b/objects/vulnerability/vulnerability--513c8813-40ff-4908-935f-c7f2dbda0190.json
new file mode 100644
index 00000000000..a1e33328854
--- /dev/null
+++ b/objects/vulnerability/vulnerability--513c8813-40ff-4908-935f-c7f2dbda0190.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b9ac271-f608-4c7e-9d03-5cb9ccac9ed3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--513c8813-40ff-4908-935f-c7f2dbda0190", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.389972Z", + "modified": "2024-12-30T00:22:03.389972Z", + "name": "CVE-2024-56556", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix node UAF in binder_add_freeze_work()\n\nIn binder_add_freeze_work() we iterate over the proc->nodes with the\nproc->inner_lock held. However, this lock is temporarily dropped in\norder to acquire the node->lock first (lock nesting order). This can\nrace with binder_node_release() and trigger a use-after-free:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c\n Write of size 4 at addr ffff53c04c29dd04 by task freeze/640\n\n CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n _raw_spin_lock+0xe4/0x19c\n binder_add_freeze_work+0x148/0x478\n binder_ioctl+0x1e70/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n Allocated by task 637:\n __kmalloc_cache_noprof+0x12c/0x27c\n binder_new_node+0x50/0x700\n binder_transaction+0x35ac/0x6f74\n binder_thread_write+0xfb8/0x42a0\n binder_ioctl+0x18f0/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n Freed by task 637:\n kfree+0xf0/0x330\n binder_thread_read+0x1e88/0x3a68\n binder_ioctl+0x16d8/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n ==================================================================\n\nFix the race by taking a temporary reference on the node before\nreleasing the proc->inner lock. 
This ensures the node remains alive\nwhile in use.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56556" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51c1480a-7f93-4e3d-81ae-7780bda03fb4.json b/objects/vulnerability/vulnerability--51c1480a-7f93-4e3d-81ae-7780bda03fb4.json new file mode 100644 index 00000000000..7cc7a5f0f38 --- /dev/null +++ b/objects/vulnerability/vulnerability--51c1480a-7f93-4e3d-81ae-7780bda03fb4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a8d0ab9-8078-42ef-b513-4978a619e3d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51c1480a-7f93-4e3d-81ae-7780bda03fb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.408712Z", + "modified": "2024-12-30T00:22:03.408712Z", + "name": "CVE-2024-56576", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix crash in the probe error path when using polling\n\nIf an error occurs in the probe() function, we should remove the polling\ntimer that was alarmed earlier, otherwise the timer is called with\narguments that are already freed, which results in a crash.\n\n------------[ cut here ]------------\nWARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268\nModules linked in:\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226\nHardware name: Diasom DS-RK3568-SOM-EVB (DT)\npstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __run_timers+0x244/0x268\nlr : __run_timers+0x1d4/0x268\nsp : ffffff80eff2baf0\nx29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00\nx26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00\nx23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000\nx20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff\nx17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e\nx14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000\nx11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009\nx8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480\nx5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240\nx2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0\nCall trace:\n __run_timers+0x244/0x268\n timer_expire_remote+0x50/0x68\n tmigr_handle_remote+0x388/0x39c\n run_timer_softirq+0x38/0x44\n 
handle_softirqs+0x138/0x298\n __do_softirq+0x14/0x20\n ____do_softirq+0x10/0x1c\n call_on_irq_stack+0x24/0x4c\n do_softirq_own_stack+0x1c/0x2c\n irq_exit_rcu+0x9c/0xcc\n el1_interrupt+0x48/0xc0\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x7c/0x80\n default_idle_call+0x34/0x68\n do_idle+0x23c/0x294\n cpu_startup_entry+0x38/0x3c\n secondary_start_kernel+0x128/0x160\n __secondary_switched+0xb8/0xbc\n---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--523e2edf-a310-492e-8ba5-1878907dc8da.json b/objects/vulnerability/vulnerability--523e2edf-a310-492e-8ba5-1878907dc8da.json new file mode 100644 index 00000000000..8c54d8fcd62 --- /dev/null +++ b/objects/vulnerability/vulnerability--523e2edf-a310-492e-8ba5-1878907dc8da.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--720e7b21-8844-4cc8-aae1-db875d41a149",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--523e2edf-a310-492e-8ba5-1878907dc8da",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:18.035273Z",
+ "modified": "2024-12-30T00:22:18.035273Z",
+ "name": "CVE-2020-1821",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1821"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--52ea1d91-aa46-4c30-8e35-6118472e9fa7.json b/objects/vulnerability/vulnerability--52ea1d91-aa46-4c30-8e35-6118472e9fa7.json
new file mode 100644
index 00000000000..da86aefd2bd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--52ea1d91-aa46-4c30-8e35-6118472e9fa7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3bb9a630-4f08-448d-9722-0ef09808a74e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--52ea1d91-aa46-4c30-8e35-6118472e9fa7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.526312Z",
+ "modified": "2024-12-30T00:22:03.526312Z",
+ "name": "CVE-2024-56569",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix regression with module command in stack_trace_filter\n\nWhen executing the following command:\n\n # echo \"write*:mod:ext3\" > /sys/kernel/tracing/stack_trace_filter\n\nThe current mod command causes a null pointer dereference. While commit\n0f17976568b3f (\"ftrace: Fix regression with module command in stack_trace_filter\")\nhas addressed part of the issue, it left a corner case unhandled, which still\nresults in a kernel crash.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56569"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--538a95b2-3aaf-421b-b1ba-7dd124aca9d1.json b/objects/vulnerability/vulnerability--538a95b2-3aaf-421b-b1ba-7dd124aca9d1.json
new file mode 100644
index 00000000000..6c3e7e85c1d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--538a95b2-3aaf-421b-b1ba-7dd124aca9d1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ff6eccae-b808-4a79-850e-ce138936f187",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--538a95b2-3aaf-421b-b1ba-7dd124aca9d1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.470977Z",
+ "modified": "2024-12-30T00:22:02.470977Z",
+ "name": "CVE-2024-53211",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/l2tp: fix warning in l2tp_exit_net found by syzbot\n\nIn l2tp's net exit handler, we check that an IDR is empty before\ndestroying it:\n\n\tWARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr));\n\tidr_destroy(&pn->l2tp_tunnel_idr);\n\nBy forcing memory allocation failures in idr_alloc_32, syzbot is able\nto provoke a condition where idr_is_empty returns false despite there\nbeing no items in the IDR. This turns out to be because the radix tree\nof the IDR contains only internal radix-tree nodes and it is this that\ncauses idr_is_empty to return false. The internal nodes are cleaned by\nidr_destroy.\n\nUse idr_for_each to check that the IDR is empty instead of\nidr_is_empty to avoid the problem.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53211"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5393887f-c85e-453d-96a0-2a0aac2a1081.json b/objects/vulnerability/vulnerability--5393887f-c85e-453d-96a0-2a0aac2a1081.json
new file mode 100644
index 00000000000..b041607de6b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5393887f-c85e-453d-96a0-2a0aac2a1081.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cb561cd0-0e9f-432b-a3ef-5ed45ebcc135",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5393887f-c85e-453d-96a0-2a0aac2a1081",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.488324Z",
+ "modified": "2024-12-30T00:22:03.488324Z",
+ "name": "CVE-2024-56508",
+ "description": "LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the \"Import Bookmarks\" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56508"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--53c72f54-2062-4683-b31e-7f231445ba87.json b/objects/vulnerability/vulnerability--53c72f54-2062-4683-b31e-7f231445ba87.json
new file mode 100644
index 00000000000..41c860e3851
--- /dev/null
+++ b/objects/vulnerability/vulnerability--53c72f54-2062-4683-b31e-7f231445ba87.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--339d1fec-84f6-4d07-8d97-099ea06eb005",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--53c72f54-2062-4683-b31e-7f231445ba87",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.947484Z",
+ "modified": "2024-12-30T00:22:03.947484Z",
+ "name": "CVE-2024-13020",
+ "description": "A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13020"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--546445b5-4cec-4ec4-ab26-da09d610450b.json b/objects/vulnerability/vulnerability--546445b5-4cec-4ec4-ab26-da09d610450b.json
new file mode 100644
index 00000000000..49f731bea8b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--546445b5-4cec-4ec4-ab26-da09d610450b.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c99abb4-7f13-437f-9ecb-a45236841b54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--546445b5-4cec-4ec4-ab26-da09d610450b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.533702Z", + "modified": "2024-12-30T00:22:03.533702Z", + "name": "CVE-2024-56646", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: avoid possible NULL deref in modify_prefix_route()\n\nsyzbot found a NULL deref [1] in modify_prefix_route(), caused by one\nfib6_info without a fib6_table pointer set.\n\nThis can happen for net->ipv6.fib6_null_entry\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 1 UID: 0 PID: 5837 Comm: syz-executor888 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089\nCode: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84\nRSP: 0018:ffffc900035d7268 EFLAGS: 00010006\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001\nR10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030\nR13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 
0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n modify_prefix_route+0x30b/0x8b0 net/ipv6/addrconf.c:4831\n inet6_addr_modify net/ipv6/addrconf.c:4923 [inline]\n inet6_rtm_newaddr+0x12c7/0x1ab0 net/ipv6/addrconf.c:5055\n rtnetlink_rcv_msg+0x3c7/0xea0 net/core/rtnetlink.c:6920\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2541\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg net/socket.c:726 [inline]\n ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2583\n ___sys_sendmsg+0x135/0x1e0 net/socket.c:2637\n __sys_sendmsg+0x16e/0x220 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fd1dcef8b79\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc59cc4378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1dcef8b79\nRDX: 0000000000040040 RSI: 0000000020000140 RDI: 0000000000000004\nRBP: 00000000000113fd R08: 0000000000000006 R09: 0000000000000006\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc59cc438c\nR13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56646" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--59015157-cd1d-4122-a254-049e52f3ec0a.json b/objects/vulnerability/vulnerability--59015157-cd1d-4122-a254-049e52f3ec0a.json
new file mode 100644
index 00000000000..085858b270e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--59015157-cd1d-4122-a254-049e52f3ec0a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d06f54c6-3f3b-415f-b18e-61c252547a68",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--59015157-cd1d-4122-a254-049e52f3ec0a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.961105Z",
+ "modified": "2024-12-30T00:22:03.961105Z",
+ "name": "CVE-2024-13028",
+ "description": "A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13028"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--593dc65a-694d-409e-ba7d-4215fed1b75b.json b/objects/vulnerability/vulnerability--593dc65a-694d-409e-ba7d-4215fed1b75b.json
new file mode 100644
index 00000000000..12441b7db47
--- /dev/null
+++ b/objects/vulnerability/vulnerability--593dc65a-694d-409e-ba7d-4215fed1b75b.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--20c282fb-6583-4acc-823f-1b0880a14ba7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--593dc65a-694d-409e-ba7d-4215fed1b75b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.60554Z", + "modified": "2024-12-30T00:22:03.60554Z", + "name": "CVE-2024-56623", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix use after free on unload\n\nSystem crash is observed with stack trace warning of use after\nfree. There are 2 signals to tell dpc_thread to terminate (UNLOADING\nflag and kthread_stop).\n\nOn setting the UNLOADING flag when dpc_thread happens to run at the time\nand sees the flag, this causes dpc_thread to exit and clean up\nitself. When kthread_stop is called for final cleanup, this causes use\nafter free.\n\nRemove UNLOADING signal to terminate dpc_thread. Use the kthread_stop\nas the main signal to exit dpc_thread.\n\n[596663.812935] kernel BUG at mm/slub.c:294!\n[596663.812950] invalid opcode: 0000 [#1] SMP PTI\n[596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1\n[596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012\n[596663.812974] RIP: 0010:__slab_free+0x17d/0x360\n\n...\n[596663.813008] Call Trace:\n[596663.813022] ? __dentry_kill+0x121/0x170\n[596663.813030] ? _cond_resched+0x15/0x30\n[596663.813034] ? _cond_resched+0x15/0x30\n[596663.813039] ? wait_for_completion+0x35/0x190\n[596663.813048] ? try_to_wake_up+0x63/0x540\n[596663.813055] free_task+0x5a/0x60\n[596663.813061] kthread_stop+0xf3/0x100\n[596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56623" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--59cb3e8d-9ef9-49f4-9268-db436b71879f.json b/objects/vulnerability/vulnerability--59cb3e8d-9ef9-49f4-9268-db436b71879f.json
new file mode 100644
index 00000000000..50c9c4b135d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--59cb3e8d-9ef9-49f4-9268-db436b71879f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b963f012-a1c4-444d-aa7e-b8b2a709b817",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--59cb3e8d-9ef9-49f4-9268-db436b71879f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.966288Z",
+ "modified": "2024-12-30T00:22:03.966288Z",
+ "name": "CVE-2024-13022",
+ "description": "A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13022"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5aede400-c740-435a-ae16-8a8fea2678ad.json b/objects/vulnerability/vulnerability--5aede400-c740-435a-ae16-8a8fea2678ad.json
new file mode 100644
index 00000000000..4ee3e911ac4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5aede400-c740-435a-ae16-8a8fea2678ad.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94827154-11a1-47f0-a120-ee8a45b55b37", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5aede400-c740-435a-ae16-8a8fea2678ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.598626Z", + "modified": "2024-12-30T00:22:03.598626Z", + "name": "CVE-2024-56568", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Defer probe of clients after smmu device bound\n\nNull pointer dereference occurs due to a race between smmu\ndriver probe and client driver probe, when of_dma_configure()\nfor client is called after the iommu_device_register() for smmu driver\nprobe has executed but before the driver_bound() for smmu driver\nhas been called.\n\nFollowing is how the race occurs:\n\nT1:Smmu device probe\t\tT2: Client device probe\n\nreally_probe()\narm_smmu_device_probe()\niommu_device_register()\n\t\t\t\t\treally_probe()\n\t\t\t\t\tplatform_dma_configure()\n\t\t\t\t\tof_dma_configure()\n\t\t\t\t\tof_dma_configure_id()\n\t\t\t\t\tof_iommu_configure()\n\t\t\t\t\tiommu_probe_device()\n\t\t\t\t\tiommu_init_device()\n\t\t\t\t\tarm_smmu_probe_device()\n\t\t\t\t\tarm_smmu_get_by_fwnode()\n\t\t\t\t\t\tdriver_find_device_by_fwnode()\n\t\t\t\t\t\tdriver_find_device()\n\t\t\t\t\t\tnext_device()\n\t\t\t\t\t\tklist_next()\n\t\t\t\t\t\t /* null ptr\n\t\t\t\t\t\t assigned to smmu */\n\t\t\t\t\t/* null ptr dereference\n\t\t\t\t\t while smmu->streamid_mask */\ndriver_bound()\n\tklist_add_tail()\n\nWhen this null smmu pointer is dereferenced later in\narm_smmu_probe_device, the device crashes.\n\nFix this by deferring the probe of the client device\nuntil the smmu device has bound to the arm smmu driver.\n\n[will: Add comment]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56568" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5bb3c3b9-4683-465b-be3e-4d76f4d6f6dd.json b/objects/vulnerability/vulnerability--5bb3c3b9-4683-465b-be3e-4d76f4d6f6dd.json
new file mode 100644
index 00000000000..a63911d2cce
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5bb3c3b9-4683-465b-be3e-4d76f4d6f6dd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cbd043e6-1f5b-46c8-a712-801255faf24a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5bb3c3b9-4683-465b-be3e-4d76f4d6f6dd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.51462Z",
+ "modified": "2024-12-30T00:22:03.51462Z",
+ "name": "CVE-2024-56509",
+ "description": "changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56509"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5d451005-1562-4c7c-86b9-9b0ce0a9c9ef.json b/objects/vulnerability/vulnerability--5d451005-1562-4c7c-86b9-9b0ce0a9c9ef.json
new file mode 100644
index 00000000000..60ff21afb92
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5d451005-1562-4c7c-86b9-9b0ce0a9c9ef.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3227c14-3a3e-456d-99ec-db7cedfc10dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d451005-1562-4c7c-86b9-9b0ce0a9c9ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.48755Z", + "modified": "2024-12-30T00:22:02.48755Z", + "name": "CVE-2024-53223", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs\n\nBase clocks are the first in being probed and are real dependencies of the\nrest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,\nRT305x and RT3883 'xtal' must be defined first since in any other case,\nwhen fixed clocks are probed they are delayed until 'xtal' is probed so the\nfollowing warning appears:\n\n WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0\n Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000\n 80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000\n 00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000\n 203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009\n 00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000\n ...\n Call Trace:\n [<800065d0>] show_stack+0x64/0xf4\n [<804bca14>] dump_stack_lvl+0x38/0x60\n [<800218ac>] __warn+0x94/0xe4\n [<8002195c>] warn_slowpath_fmt+0x60/0x94\n [<80259ff8>] rt3883_bus_recalc_rate+0x98/0x138\n [<80254530>] __clk_register+0x568/0x688\n [<80254838>] of_clk_hw_register+0x18/0x2c\n [<8070b910>] rt2880_clk_of_clk_init_driver+0x18c/0x594\n [<8070b628>] of_clk_init+0x1c0/0x23c\n [<806fc448>] plat_time_init+0x58/0x18c\n [<806fdaf0>] time_init+0x10/0x6c\n [<806f9bc4>] start_kernel+0x458/0x67c\n\n ---[ end trace 
0000000000000000 ]---\n\nWhen this driver was mainlined we could not find any active users of old\nralink SoCs so we cannot perform any real tests for them. Now, one user\nof a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and\nreported some issues in openWRT:\n- https://github.com/openwrt/openwrt/issues/16054\n\nThus, define a 'rt2880_xtal_recalc_rate()' just returning the expected\nfrequency 40Mhz and use it along the old ralink SoCs to have a correct\nboot trace with no warnings and a working clock plan from the beggining.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53223" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5df5d43a-6780-4732-a881-c75e35a05cf8.json b/objects/vulnerability/vulnerability--5df5d43a-6780-4732-a881-c75e35a05cf8.json new file mode 100644 index 00000000000..fba6765153d --- /dev/null +++ b/objects/vulnerability/vulnerability--5df5d43a-6780-4732-a881-c75e35a05cf8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd414c49-122f-490c-9ca9-d56341b57807", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5df5d43a-6780-4732-a881-c75e35a05cf8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.560841Z", + "modified": "2024-12-30T00:22:03.560841Z", + "name": "CVE-2024-56695", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'\n\nThe `kfd_get_cu_occupancy` function previously declared a large\n`cu_occupancy` array as a local variable, which could lead to stack\noverflows due to excessive stack usage. This commit replaces the static\narray allocation with dynamic memory allocation using `kcalloc`,\nthereby reducing the stack size.\n\nThis change avoids the risk of stack overflows in kernel space, in\nscenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is\nfreed using `kfree` before the function returns to prevent memory\nleaks.\n\nFixes the below with gcc W=1:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function ‘kfd_get_cu_occupancy’:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]\n 322 | }\n | ^", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e005cba-aae2-49b8-a6d0-5b304092aea9.json b/objects/vulnerability/vulnerability--5e005cba-aae2-49b8-a6d0-5b304092aea9.json new file mode 100644 index 00000000000..cd526c28030 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e005cba-aae2-49b8-a6d0-5b304092aea9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c2b86d3-debd-48fc-92d0-35f65a5c1875", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e005cba-aae2-49b8-a6d0-5b304092aea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.575798Z", + "modified": "2024-12-30T00:22:03.575798Z", + "name": "CVE-2024-56574", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ts2020: fix null-ptr-deref in ts2020_probe()\n\nKASAN reported a null-ptr-deref issue when executing the following\ncommand:\n\n # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009)\n RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020]\n RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809\n RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010\n RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6\n R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790\n R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001\n FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ts2020_probe+0xad/0xe10 [ts2020]\n i2c_device_probe+0x421/0xb40\n really_probe+0x266/0x850\n ...\n\nThe cause of the problem is that when using sysfs to dynamically register\nan i2c device, there is no platform data, but the probe process of ts2020\nneeds to use platform data, resulting in a null pointer being 
accessed.\n\nSolve this problem by adding checks to platform data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fb30f5f-8cb3-40f1-b787-4b1e3c8749fa.json b/objects/vulnerability/vulnerability--5fb30f5f-8cb3-40f1-b787-4b1e3c8749fa.json new file mode 100644 index 00000000000..704c39d02ae --- /dev/null +++ b/objects/vulnerability/vulnerability--5fb30f5f-8cb3-40f1-b787-4b1e3c8749fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09e236f5-098f-4979-9a2e-11005c663f28", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fb30f5f-8cb3-40f1-b787-4b1e3c8749fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.473305Z", + "modified": "2024-12-30T00:22:03.473305Z", + "name": "CVE-2024-56537", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: xlnx: zynqmp_disp: layer may be null while releasing\n\nlayer->info can be null if we have an error on the first layer in\nzynqmp_disp_create_layers", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--611bd4a0-7f8f-4c83-81fd-0a62b2e7830f.json b/objects/vulnerability/vulnerability--611bd4a0-7f8f-4c83-81fd-0a62b2e7830f.json new file mode 100644 index 00000000000..510e9ee86a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--611bd4a0-7f8f-4c83-81fd-0a62b2e7830f.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65fe97fc-e955-4add-9840-f4b19fb02b0a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--611bd4a0-7f8f-4c83-81fd-0a62b2e7830f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.957094Z",
+ "modified": "2024-12-30T00:22:03.957094Z",
+ "name": "CVE-2024-13017",
+ "description": "A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/aboutus.php of the component About Us Page. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13017"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--61613110-b2d1-41da-93f1-5354340086cf.json b/objects/vulnerability/vulnerability--61613110-b2d1-41da-93f1-5354340086cf.json
new file mode 100644
index 00000000000..0954b5eb92d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--61613110-b2d1-41da-93f1-5354340086cf.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f0462e6-97c7-4bfe-b17f-4a35a0667cf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61613110-b2d1-41da-93f1-5354340086cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.472164Z", + "modified": "2024-12-30T00:22:02.472164Z", + "name": "CVE-2024-53181", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: vector: Do not use drvdata in release\n\nThe drvdata is not available in release. Let's just use container_of()\nto get the vector_device instance. Otherwise, removing a vector device\nwill result in a crash:\n\nRIP: 0033:vector_device_release+0xf/0x50\nRSP: 00000000e187bc40 EFLAGS: 00010202\nRAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0\nRDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000\nRBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70\nR10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028\nR13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1\nWorkqueue: events mc_work_proc\nStack:\n 60028f61 623ae028 e187bc80 60276fcd\n 6220b9c0 603f5820 623ae028 00000000\n e187bcb0 603a2bcd 623ae000 62370010\nCall Trace:\n [<60028f61>] ? vector_device_release+0x0/0x50\n [<60276fcd>] device_release+0x70/0xba\n [<603a2bcd>] kobject_put+0xba/0xe7\n [<60277265>] put_device+0x19/0x1c\n [<60281266>] platform_device_put+0x26/0x29\n [<60281e5f>] platform_device_unregister+0x2c/0x2e\n [<60029422>] vector_remove+0x52/0x58\n [<60031316>] ? mconsole_reply+0x0/0x50\n [<600310c8>] mconsole_remove+0x160/0x1cc\n [<603b19f4>] ? strlen+0x0/0x15\n [<60066611>] ? __dequeue_entity+0x1a9/0x206\n [<600666a7>] ? set_next_entity+0x39/0x63\n [<6006666e>] ? set_next_entity+0x0/0x63\n [<60038fa6>] ? 
um_set_signals+0x0/0x43\n [<6003070c>] mc_work_proc+0x77/0x91\n [<60057664>] process_scheduled_works+0x1b3/0x2dd\n [<60055f32>] ? assign_work+0x0/0x58\n [<60057f0a>] worker_thread+0x1e9/0x293\n [<6005406f>] ? set_pf_worker+0x0/0x64\n [<6005d65d>] ? arch_local_irq_save+0x0/0x2d\n [<6005d748>] ? kthread_exit+0x0/0x3a\n [<60057d21>] ? worker_thread+0x0/0x293\n [<6005dbf1>] kthread+0x126/0x12b\n [<600219c5>] new_thread_handler+0x85/0xb6", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6642638b-7ba7-460f-bce2-bc6057d82cec.json b/objects/vulnerability/vulnerability--6642638b-7ba7-460f-bce2-bc6057d82cec.json new file mode 100644 index 00000000000..8a4d9831c8b --- /dev/null +++ b/objects/vulnerability/vulnerability--6642638b-7ba7-460f-bce2-bc6057d82cec.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--82a60648-bb28-4ef4-b263-dfa717c725be",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6642638b-7ba7-460f-bce2-bc6057d82cec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:17.976475Z",
+ "modified": "2024-12-30T00:22:17.976475Z",
+ "name": "CVE-2020-1819",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1819"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--66adf266-1e3c-4d3f-9c14-318b4c75a965.json b/objects/vulnerability/vulnerability--66adf266-1e3c-4d3f-9c14-318b4c75a965.json
new file mode 100644
index 00000000000..cb321a5c23c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--66adf266-1e3c-4d3f-9c14-318b4c75a965.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db80c275-63e4-401f-92c2-71634ecaeeb2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--66adf266-1e3c-4d3f-9c14-318b4c75a965",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.889144Z",
+ "modified": "2024-12-30T00:22:16.889144Z",
+ "name": "CVE-2020-9222",
+ "description": "There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9222"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--68e5c199-b765-4d5e-94cb-b772123b393c.json b/objects/vulnerability/vulnerability--68e5c199-b765-4d5e-94cb-b772123b393c.json
new file mode 100644
index 00000000000..03dde09d9fc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--68e5c199-b765-4d5e-94cb-b772123b393c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3faf83c0-00bb-4755-b8ea-eb94d4880741",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--68e5c199-b765-4d5e-94cb-b772123b393c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.518042Z",
+ "modified": "2024-12-30T00:22:03.518042Z",
+ "name": "CVE-2024-56561",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()\n\npci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI\ndomain ID, but there are two issues:\n\n - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already\n freed by device_unregister(), leading to a use-after-free issue.\n\n - Domain ID corresponds to the EPC device parent, so passing 'epc->dev'\n is also wrong.\n\nFix these issues by passing 'epc->dev.parent' to\npci_bus_release_domain_nr() and also do it before device_unregister().\n\n[mani: reworded subject and description]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56561"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6988ee24-6315-4b55-81f3-4d9799c8ae16.json b/objects/vulnerability/vulnerability--6988ee24-6315-4b55-81f3-4d9799c8ae16.json
new file mode 100644
index 00000000000..dda8a804986
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6988ee24-6315-4b55-81f3-4d9799c8ae16.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ff90bcc-fcd1-4431-8eaa-b8410a2e01b4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6988ee24-6315-4b55-81f3-4d9799c8ae16",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.864709Z",
+ "modified": "2024-12-30T00:22:16.864709Z",
+ "name": "CVE-2020-9086",
+ "description": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9086"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--69f40490-960f-4bed-86aa-50f51cd1cc3a.json b/objects/vulnerability/vulnerability--69f40490-960f-4bed-86aa-50f51cd1cc3a.json
new file mode 100644
index 00000000000..a6cba91efc5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--69f40490-960f-4bed-86aa-50f51cd1cc3a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8fa8db2c-dbc8-4fcc-ac09-55bb42dbbaaa",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--69f40490-960f-4bed-86aa-50f51cd1cc3a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.576957Z",
+ "modified": "2024-12-30T00:22:03.576957Z",
+ "name": "CVE-2024-56600",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet6: do not leave a dangling sk pointer in inet6_create()\n\nsock_init_data() attaches the allocated sk pointer to the provided sock\nobject. If inet6_create() fails later, the sk object is released, but the\nsock object retains the dangling sk pointer, which may cause use-after-free\nlater.\n\nClear the sock sk pointer on error.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56600"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a216796-a7e7-4830-8628-12e3868af705.json b/objects/vulnerability/vulnerability--6a216796-a7e7-4830-8628-12e3868af705.json
new file mode 100644
index 00000000000..1e8e0109cca
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a216796-a7e7-4830-8628-12e3868af705.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--25a8322a-1eb6-44cc-b3cd-3f40aaebc003",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a216796-a7e7-4830-8628-12e3868af705",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.418248Z",
+ "modified": "2024-12-30T00:22:03.418248Z",
+ "name": "CVE-2024-56632",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix the memleak while create new ctrl failed\n\nNow while we create new ctrl failed, we have not free the\ntagset occupied by admin_q, here try to fix it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56632"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a3f4b74-124d-47e9-ad36-f9642ede0314.json b/objects/vulnerability/vulnerability--6a3f4b74-124d-47e9-ad36-f9642ede0314.json
new file mode 100644
index 00000000000..dfd337f2acf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a3f4b74-124d-47e9-ad36-f9642ede0314.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--53859f14-11d1-4d0e-a7ce-63ecb49db396",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a3f4b74-124d-47e9-ad36-f9642ede0314",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.402378Z",
+ "modified": "2024-12-30T00:22:03.402378Z",
+ "name": "CVE-2024-56754",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - Fix the pointer passed to caam_qi_shutdown()\n\nThe type of the last parameter given to devm_add_action_or_reset() is\n\"struct caam_drv_private *\", but in caam_qi_shutdown(), it is casted to\n\"struct device *\".\n\nPass the correct parameter to devm_add_action_or_reset() so that the\nresources are released as expected.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56754"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6aa411c2-2558-49af-acb4-26d362780116.json b/objects/vulnerability/vulnerability--6aa411c2-2558-49af-acb4-26d362780116.json
new file mode 100644
index 00000000000..4aa5a4bfa65
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6aa411c2-2558-49af-acb4-26d362780116.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b827e967-c125-478b-8b63-2b36c33b7109",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6aa411c2-2558-49af-acb4-26d362780116",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.412253Z",
+ "modified": "2024-12-30T00:22:03.412253Z",
+ "name": "CVE-2024-56619",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()\n\nSyzbot reported that when searching for records in a directory where the\ninode's i_size is corrupted and has a large value, memory access outside\nthe folio/page range may occur, or a use-after-free bug may be detected if\nKASAN is enabled.\n\nThis is because nilfs_last_byte(), which is called by nilfs_find_entry()\nand others to calculate the number of valid bytes of directory data in a\npage from i_size and the page index, loses the upper 32 bits of the 64-bit\nsize information due to an inappropriate type of local variable to which\nthe i_size value is assigned.\n\nThis caused a large byte offset value due to underflow in the end address\ncalculation in the calling nilfs_find_entry(), resulting in memory access\nthat exceeds the folio/page size.\n\nFix this issue by changing the type of the local variable causing the bit\nloss from \"unsigned int\" to \"u64\". The return value of nilfs_last_byte()\nis also of type \"unsigned int\", but it is truncated so as not to exceed\nPAGE_SIZE and no bit loss occurs, so no change is required.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56619"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c31b0bf-36e4-4423-9251-1186efa56359.json b/objects/vulnerability/vulnerability--6c31b0bf-36e4-4423-9251-1186efa56359.json
new file mode 100644
index 00000000000..1e7a4bfb667
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c31b0bf-36e4-4423-9251-1186efa56359.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ccf74b6b-cf49-406d-a052-f64e681529f2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c31b0bf-36e4-4423-9251-1186efa56359",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:01.573076Z",
+ "modified": "2024-12-30T00:22:01.573076Z",
+ "name": "CVE-2024-12978",
+ "description": "A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12978"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6c70ec2b-dde3-4dd5-8272-61999629f4f6.json b/objects/vulnerability/vulnerability--6c70ec2b-dde3-4dd5-8272-61999629f4f6.json
new file mode 100644
index 00000000000..b559206502a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6c70ec2b-dde3-4dd5-8272-61999629f4f6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7185264b-5931-4518-bc13-7d4a7e894fda",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6c70ec2b-dde3-4dd5-8272-61999629f4f6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.43026Z",
+ "modified": "2024-12-30T00:22:02.43026Z",
+ "name": "CVE-2024-53228",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kvm: Fix out-of-bounds array access\n\nIn kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an\nout-of-bound index. This is used as a special marker for the base\nextensions, that cannot be disabled. However, when traversing the\nextensions, that special marker is not checked prior indexing the\narray.\n\nAdd an out-of-bounds check to the function.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53228"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6d28af88-30d1-47fc-ad02-4879bf266886.json b/objects/vulnerability/vulnerability--6d28af88-30d1-47fc-ad02-4879bf266886.json
new file mode 100644
index 00000000000..8fbf7d2f581
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6d28af88-30d1-47fc-ad02-4879bf266886.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3234c5f5-00d3-4826-902f-83c424177b38",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6d28af88-30d1-47fc-ad02-4879bf266886",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.590669Z",
+ "modified": "2024-12-30T00:22:03.590669Z",
+ "name": "CVE-2024-56725",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56725"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6de1583a-74ad-4405-84ec-1e9928dfe3e3.json b/objects/vulnerability/vulnerability--6de1583a-74ad-4405-84ec-1e9928dfe3e3.json
new file mode 100644
index 00000000000..709a5081b2c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6de1583a-74ad-4405-84ec-1e9928dfe3e3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--75293a27-c6fd-4b67-8edc-71e29d4ad0d5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6de1583a-74ad-4405-84ec-1e9928dfe3e3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.370698Z",
+ "modified": "2024-12-30T00:22:03.370698Z",
+ "name": "CVE-2024-56602",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ieee802154: do not leave a dangling sk pointer in ieee802154_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If ieee802154_create() fails later, the allocated sk object is\nfreed, but the dangling pointer remains in the provided sock object, which\nmay allow use-after-free.\n\nClear the sk pointer in the sock object on error.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56602"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6e84145a-bef8-4f2d-ab89-04c71109baaf.json b/objects/vulnerability/vulnerability--6e84145a-bef8-4f2d-ab89-04c71109baaf.json
new file mode 100644
index 00000000000..0963e6e3ef9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6e84145a-bef8-4f2d-ab89-04c71109baaf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--768878b9-43ba-43c0-890b-a58009c8493c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6e84145a-bef8-4f2d-ab89-04c71109baaf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.459828Z",
+ "modified": "2024-12-30T00:22:02.459828Z",
+ "name": "CVE-2024-53179",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free of signing key\n\nCustomers have reported use-after-free in @ses->auth_key.response with\nSMB2.1 + sign mounts which occurs due to following race:\n\ntask A task B\ncifs_mount()\n dfs_mount_share()\n get_session()\n cifs_mount_get_session() cifs_send_recv()\n cifs_get_smb_ses() compound_send_recv()\n cifs_setup_session() smb2_setup_request()\n kfree_sensitive() smb2_calc_signature()\n crypto_shash_setkey() *UAF*\n\nFix this by ensuring that we have a valid @ses->auth_key.response by\nchecking whether @ses->ses_status is SES_GOOD or SES_EXITING with\n@ses->ses_lock held. After commit 24a9799aa8ef (\"smb: client: fix UAF\nin smb2_reconnect_server()\"), we made sure to call ->logoff() only\nwhen @ses was known to be good (e.g. valid ->auth_key.response), so\nit's safe to access signing key when @ses->ses_status == SES_EXITING.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53179"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7019a8fe-ccac-4794-9fc6-be3532e2e847.json b/objects/vulnerability/vulnerability--7019a8fe-ccac-4794-9fc6-be3532e2e847.json
new file mode 100644
index 00000000000..e08c02cf866
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7019a8fe-ccac-4794-9fc6-be3532e2e847.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8789ec2a-a5c1-450e-9a1e-72add2613317",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7019a8fe-ccac-4794-9fc6-be3532e2e847",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.868744Z",
+ "modified": "2024-12-30T00:22:16.868744Z",
+ "name": "CVE-2020-9210",
+ "description": "There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9210"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--70244656-2f65-4bb7-8478-7cf34a6ba3a9.json b/objects/vulnerability/vulnerability--70244656-2f65-4bb7-8478-7cf34a6ba3a9.json
new file mode 100644
index 00000000000..fe00f802afc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--70244656-2f65-4bb7-8478-7cf34a6ba3a9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--97d7df38-4032-40aa-98c1-0b79d33ed0a3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--70244656-2f65-4bb7-8478-7cf34a6ba3a9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.396685Z",
+ "modified": "2024-12-30T00:22:03.396685Z",
+ "name": "CVE-2024-56710",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix memory leak in ceph_direct_read_write()\n\nThe bvecs array which is allocated in iter_get_bvecs_alloc() is leaked\nand pages remain pinned if ceph_alloc_sparse_ext_map() fails.\n\nThere is no need to delay the allocation of sparse_ext map until after\nthe bvecs array is set up, so fix this by moving sparse_ext allocation\na bit earlier. Also, make a similar adjustment in __ceph_sync_read()\nfor consistency (a leak of the same kind in __ceph_sync_read() has been\naddressed differently).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56710"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--706dccde-417d-4c72-89e6-7dfd610a97ad.json b/objects/vulnerability/vulnerability--706dccde-417d-4c72-89e6-7dfd610a97ad.json
new file mode 100644
index 00000000000..0b3daae89d1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--706dccde-417d-4c72-89e6-7dfd610a97ad.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a46e6980-4982-4a7c-9e6c-a0dfd5344a4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--706dccde-417d-4c72-89e6-7dfd610a97ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.474262Z", + "modified": "2024-12-30T00:22:03.474262Z", + "name": "CVE-2024-56552", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/guc_submit: fix race around suspend_pending\n\nCurrently in some testcases we can trigger:\n\nxe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed!\n....\nWARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe]\nxe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57\n\nLooking at a snippet of corresponding ftrace for this GuC id we can see:\n\n162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3\n162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674089: xe_exec_queue_kill: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0\n162.674108: xe_exec_queue_close: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.674488: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0\n162.678452: xe_exec_queue_deregister: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa1, flags=0x0\n\nIt looks like we try to suspend the queue (opcode=3), setting\nsuspend_pending and triggering a disable_scheduling. The user then\ncloses the queue. 
However the close will also forcefully signal the\nsuspend fence after killing the queue, later when the G2H response for\ndisable_scheduling comes back we have now cleared suspend_pending when\nsignalling the suspend fence, so the disable_scheduling now incorrectly\ntries to also deregister the queue. This leads to warnings since the queue\nhas yet to even be marked for destruction. We also seem to trigger\nerrors later with trying to double unregister the same queue.\n\nTo fix this tweak the ordering when handling the response to ensure we\ndon't race with a disable_scheduling that didn't actually intend to\nperform an unregister. The destruction path should now also correctly\nwait for any pending_disable before marking as destroyed.\n\n(cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56552" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--711fe948-5d03-4df0-af14-7dc29498d5d0.json b/objects/vulnerability/vulnerability--711fe948-5d03-4df0-af14-7dc29498d5d0.json new file mode 100644 index 00000000000..35b9e649826 --- /dev/null +++ b/objects/vulnerability/vulnerability--711fe948-5d03-4df0-af14-7dc29498d5d0.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ccf486c2-101a-41b1-aa48-e353438f2d22",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--711fe948-5d03-4df0-af14-7dc29498d5d0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:17.986765Z",
+ "modified": "2024-12-30T00:22:17.986765Z",
+ "name": "CVE-2020-1818",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1818"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7150acfd-5b25-40f5-92a5-ac209ff9bc29.json b/objects/vulnerability/vulnerability--7150acfd-5b25-40f5-92a5-ac209ff9bc29.json
new file mode 100644
index 00000000000..cf3926bf0ee
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7150acfd-5b25-40f5-92a5-ac209ff9bc29.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f52c486b-a796-4ad5-9299-da7be51c5170",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7150acfd-5b25-40f5-92a5-ac209ff9bc29",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.569195Z",
+ "modified": "2024-12-30T00:22:03.569195Z",
+ "name": "CVE-2024-56627",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read\n\nAn offset from client could be a negative value, It could lead\nto an out-of-bounds read from the stream_buf.\nNote that this issue is coming when setting\n'vfs objects = streams_xattr parameter' in ksmbd.conf.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56627"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--71d44c8c-b6e5-4c87-bd40-b7ed6743bdf4.json b/objects/vulnerability/vulnerability--71d44c8c-b6e5-4c87-bd40-b7ed6743bdf4.json
new file mode 100644
index 00000000000..96674a4df52
--- /dev/null
+++ b/objects/vulnerability/vulnerability--71d44c8c-b6e5-4c87-bd40-b7ed6743bdf4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8705b6e5-fdaf-4b4d-b69a-a736a2bbdc27",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--71d44c8c-b6e5-4c87-bd40-b7ed6743bdf4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.445778Z",
+ "modified": "2024-12-30T00:22:02.445778Z",
+ "name": "CVE-2024-53189",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan\n\nThe channels array in the cfg80211_scan_request has a __counted_by\nattribute attached to it, which points to the n_channels variable. This\nattribute is used in bounds checking, and if it is not set before the\narray is filled, then the bounds sanitizer will issue a warning or a\nkernel panic if CONFIG_UBSAN_TRAP is set.\n\nThis patch sets the size of allocated memory as the initial value for\nn_channels. It is updated with the actual number of added elements after\nthe array is filled.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53189"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--72966e8a-9b0c-4172-91a2-e81e3d4bd029.json b/objects/vulnerability/vulnerability--72966e8a-9b0c-4172-91a2-e81e3d4bd029.json
new file mode 100644
index 00000000000..c437d3934d1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--72966e8a-9b0c-4172-91a2-e81e3d4bd029.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99bbb4bb-d485-430b-857c-529c34b9fdab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72966e8a-9b0c-4172-91a2-e81e3d4bd029", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.460513Z", + "modified": "2024-12-30T00:22:03.460513Z", + "name": "CVE-2024-56650", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: x_tables: fix LED ID check in led_tg_check()\n\nSyzbot has reported the following BUG detected by KASAN:\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70\nRead of size 1 at addr ffff8881022da0c8 by task repro/5879\n...\nCall Trace:\n \n dump_stack_lvl+0x241/0x360\n ? __pfx_dump_stack_lvl+0x10/0x10\n ? __pfx__printk+0x10/0x10\n ? _printk+0xd5/0x120\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n print_report+0x169/0x550\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x183/0x530\n ? __virt_addr_valid+0x45f/0x530\n ? __phys_addr+0xba/0x170\n ? strlen+0x58/0x70\n kasan_report+0x143/0x180\n ? strlen+0x58/0x70\n strlen+0x58/0x70\n kstrdup+0x20/0x80\n led_tg_check+0x18b/0x3c0\n xt_check_target+0x3bb/0xa40\n ? __pfx_xt_check_target+0x10/0x10\n ? stack_depot_save_flags+0x6e4/0x830\n ? nft_target_init+0x174/0xc30\n nft_target_init+0x82d/0xc30\n ? __pfx_nft_target_init+0x10/0x10\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? rcu_is_watching+0x15/0xb0\n ? nf_tables_newrule+0x1609/0x2980\n ? nf_tables_newrule+0x1609/0x2980\n ? __kmalloc_noprof+0x21a/0x400\n nf_tables_newrule+0x1860/0x2980\n ? __pfx_nf_tables_newrule+0x10/0x10\n ? __nla_parse+0x40/0x60\n nfnetlink_rcv+0x14e5/0x2ab0\n ? __pfx_validate_chain+0x10/0x10\n ? __pfx_nfnetlink_rcv+0x10/0x10\n ? __lock_acquire+0x1384/0x2050\n ? netlink_deliver_tap+0x2e/0x1b0\n ? __pfx_lock_release+0x10/0x10\n ? 
netlink_deliver_tap+0x2e/0x1b0\n netlink_unicast+0x7f8/0x990\n ? __pfx_netlink_unicast+0x10/0x10\n ? __virt_addr_valid+0x183/0x530\n ? __check_object_size+0x48e/0x900\n netlink_sendmsg+0x8e4/0xcb0\n ? __pfx_netlink_sendmsg+0x10/0x10\n ? aa_sock_msg_perm+0x91/0x160\n ? __pfx_netlink_sendmsg+0x10/0x10\n __sock_sendmsg+0x223/0x270\n ____sys_sendmsg+0x52a/0x7e0\n ? __pfx_____sys_sendmsg+0x10/0x10\n __sys_sendmsg+0x292/0x380\n ? __pfx___sys_sendmsg+0x10/0x10\n ? lockdep_hardirqs_on_prepare+0x43d/0x780\n ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10\n ? exc_page_fault+0x590/0x8c0\n ? do_syscall_64+0xb6/0x230\n do_syscall_64+0xf3/0x230\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n \n\nSince an invalid (without '\\0' byte at all) byte sequence may be passed\nfrom userspace, add an extra check to ensure that such a sequence is\nrejected as possible ID and so never passed to 'kstrdup()' and further.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72d0fc53-1586-41bd-a9a2-1ae0a352f483.json b/objects/vulnerability/vulnerability--72d0fc53-1586-41bd-a9a2-1ae0a352f483.json new file mode 100644 index 00000000000..23a4ea0754b --- /dev/null +++ b/objects/vulnerability/vulnerability--72d0fc53-1586-41bd-a9a2-1ae0a352f483.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ed895899-166c-4363-8f54-a659c10d952c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--72d0fc53-1586-41bd-a9a2-1ae0a352f483",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.58646Z",
+ "modified": "2024-12-30T00:22:03.58646Z",
+ "name": "CVE-2024-56722",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix cpu stuck caused by printings during reset\n\nDuring reset, cmd to destroy resources such as qp, cq, and mr may fail,\nand error logs will be printed. When a large number of resources are\ndestroyed, there will be lots of printings, and it may lead to a cpu\nstuck.\n\nDelete some unnecessary printings and replace other printing functions\nin these paths with the ratelimited version.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56722"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7377dbe0-6998-427d-83b7-e4806fdeff10.json b/objects/vulnerability/vulnerability--7377dbe0-6998-427d-83b7-e4806fdeff10.json
new file mode 100644
index 00000000000..a1db5c2a702
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7377dbe0-6998-427d-83b7-e4806fdeff10.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfc78521-2787-43d1-9615-aad22b281977", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7377dbe0-6998-427d-83b7-e4806fdeff10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.387639Z", + "modified": "2024-12-30T00:22:02.387639Z", + "name": "CVE-2024-53174", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: make sure cache entry active before cache_show\n\nThe function `c_show` was called with protection from RCU. This only\nensures that `cp` will not be freed. Therefore, the reference count for\n`cp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `cache_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `cp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 7 PID: 822 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 7 UID: 0 PID: 822 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n\nCall Trace:\n \n c_show+0x2fc/0x380 [sunrpc]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n proc_reg_read+0xe1/0x140\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--752a402e-bc59-4a78-ab14-a0a2a88d28cf.json b/objects/vulnerability/vulnerability--752a402e-bc59-4a78-ab14-a0a2a88d28cf.json new file mode 100644 index 00000000000..0861fb8a69d --- /dev/null +++ b/objects/vulnerability/vulnerability--752a402e-bc59-4a78-ab14-a0a2a88d28cf.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f1b01e67-5693-4e8d-bef1-573d80750496",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--752a402e-bc59-4a78-ab14-a0a2a88d28cf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.524286Z",
+ "modified": "2024-12-30T00:22:03.524286Z",
+ "name": "CVE-2024-56603",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: af_can: do not leave a dangling sk pointer in can_create()\n\nOn error can_create() frees the allocated sk object, but sock_init_data()\nhas already attached it to the provided sock object. This will leave a\ndangling sk pointer in the sock object and may cause use-after-free later.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56603"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--765356e0-c732-4c45-a7d8-8c6b93cd968c.json b/objects/vulnerability/vulnerability--765356e0-c732-4c45-a7d8-8c6b93cd968c.json
new file mode 100644
index 00000000000..271d592c33b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--765356e0-c732-4c45-a7d8-8c6b93cd968c.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b421ef5-99da-4ede-85d3-dbb6012fdb6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--765356e0-c732-4c45-a7d8-8c6b93cd968c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.523104Z", + "modified": "2024-12-30T00:22:03.523104Z", + "name": "CVE-2024-56575", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Ensure power suppliers be suspended before detach them\n\nThe power suppliers are always requested to suspend asynchronously,\ndev_pm_domain_detach() requires the caller to ensure proper\nsynchronization of this function with power management callbacks.\notherwise the detach may led to kernel panic, like below:\n\n[ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040\n[ 1457.116777] Mem abort info:\n[ 1457.119589] ESR = 0x0000000096000004\n[ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1457.128692] SET = 0, FnV = 0\n[ 1457.131764] EA = 0, S1PTW = 0\n[ 1457.134920] FSC = 0x04: level 0 translation fault\n[ 1457.139812] Data abort info:\n[ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000\n[ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000\n[ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec]\n[ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66\n[ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT)\n[ 1457.199236] Workqueue: pm pm_runtime_work\n[ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 
1457.210188] pc : genpd_runtime_suspend+0x20/0x290\n[ 1457.214886] lr : __rpm_callback+0x48/0x1d8\n[ 1457.218968] sp : ffff80008250bc50\n[ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000\n[ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240\n[ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008\n[ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff\n[ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674\n[ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002\n[ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0\n[ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000\n[ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000\n[ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000\n[ 1457.293510] Call trace:\n[ 1457.295946] genpd_runtime_suspend+0x20/0x290\n[ 1457.300296] __rpm_callback+0x48/0x1d8\n[ 1457.304038] rpm_callback+0x6c/0x78\n[ 1457.307515] rpm_suspend+0x10c/0x570\n[ 1457.311077] pm_runtime_work+0xc4/0xc8\n[ 1457.314813] process_one_work+0x138/0x248\n[ 1457.318816] worker_thread+0x320/0x438\n[ 1457.322552] kthread+0x110/0x114\n[ 1457.325767] ret_from_fork+0x10/0x20", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56575" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78d02f7f-d6b0-4bd8-8eee-68ce2a3cc267.json b/objects/vulnerability/vulnerability--78d02f7f-d6b0-4bd8-8eee-68ce2a3cc267.json new file mode 100644 index 00000000000..0bce59d92d2 --- /dev/null +++ b/objects/vulnerability/vulnerability--78d02f7f-d6b0-4bd8-8eee-68ce2a3cc267.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3d4b5bd8-89ce-4a83-8a78-db573750bfe4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--78d02f7f-d6b0-4bd8-8eee-68ce2a3cc267",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.107797Z",
+ "modified": "2024-12-30T00:22:02.107797Z",
+ "name": "CVE-2024-11645",
+ "description": "The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11645"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b1a148f-a238-46d0-8336-c3f8fda1f894.json b/objects/vulnerability/vulnerability--7b1a148f-a238-46d0-8336-c3f8fda1f894.json
new file mode 100644
index 00000000000..a046ff6cf24
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b1a148f-a238-46d0-8336-c3f8fda1f894.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--543461f3-045e-4441-b350-647dc62c98eb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b1a148f-a238-46d0-8336-c3f8fda1f894",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.49269Z",
+ "modified": "2024-12-30T00:22:03.49269Z",
+ "name": "CVE-2024-56666",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Dereference null return value\n\nIn the function pqm_uninit there is a call-assignment of \"pdd =\nkfd_get_process_device_data\" which could be null, and this value was\nlater dereferenced without checking.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56666"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7b22f689-6940-4619-90d0-d81e9df244cc.json b/objects/vulnerability/vulnerability--7b22f689-6940-4619-90d0-d81e9df244cc.json
new file mode 100644
index 00000000000..95d7c09ae4a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7b22f689-6940-4619-90d0-d81e9df244cc.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--45b4c384-ca8c-4fcb-999b-e191bf3648dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b22f689-6940-4619-90d0-d81e9df244cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.483737Z", + "modified": "2024-12-30T00:22:03.483737Z", + "name": "CVE-2024-56618", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx: gpcv2: Adjust delay after power up handshake\n\nThe udelay(5) is not enough, sometimes below kernel panic\nstill be triggered:\n\n[ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt\n[ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1\n[ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT)\n[ 4.012985] Call trace:\n[...]\n[ 4.013029] arm64_serror_panic+0x64/0x70\n[ 4.013034] do_serror+0x3c/0x70\n[ 4.013039] el1h_64_error_handler+0x30/0x54\n[ 4.013046] el1h_64_error+0x64/0x68\n[ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48\n[ 4.013059] __genpd_runtime_resume+0x30/0x80\n[ 4.013066] genpd_runtime_resume+0x114/0x29c\n[ 4.013073] __rpm_callback+0x48/0x1e0\n[ 4.013079] rpm_callback+0x68/0x80\n[ 4.013084] rpm_resume+0x3bc/0x6a0\n[ 4.013089] __pm_runtime_resume+0x50/0x9c\n[ 4.013095] pm_runtime_get_suppliers+0x60/0x8c\n[ 4.013101] __driver_probe_device+0x4c/0x14c\n[ 4.013108] driver_probe_device+0x3c/0x120\n[ 4.013114] __driver_attach+0xc4/0x200\n[ 4.013119] bus_for_each_dev+0x7c/0xe0\n[ 4.013125] driver_attach+0x24/0x30\n[ 4.013130] bus_add_driver+0x110/0x240\n[ 4.013135] driver_register+0x68/0x124\n[ 4.013142] __platform_driver_register+0x24/0x30\n[ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma]\n[ 4.013163] do_one_initcall+0x60/0x1e0\n[ 4.013168] do_init_module+0x5c/0x21c\n[ 4.013175] load_module+0x1a98/0x205c\n[ 4.013181] 
init_module_from_file+0x88/0xd4\n[ 4.013187] __arm64_sys_finit_module+0x258/0x350\n[ 4.013194] invoke_syscall.constprop.0+0x50/0xe0\n[ 4.013202] do_el0_svc+0xa8/0xe0\n[ 4.013208] el0_svc+0x3c/0x140\n[ 4.013215] el0t_64_sync_handler+0x120/0x12c\n[ 4.013222] el0t_64_sync+0x190/0x194\n[ 4.013228] SMP: stopping secondary CPUs\n\nThe correct way is to wait handshake, but it needs BUS clock of\nBLK-CTL be enabled, which is in separate driver. So delay is the\nonly option here. The udelay(10) is a data got by experiment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56618" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b3a649a-b05e-4328-bce7-7ff5dc99a388.json b/objects/vulnerability/vulnerability--7b3a649a-b05e-4328-bce7-7ff5dc99a388.json new file mode 100644 index 00000000000..77bd29a2eec --- /dev/null +++ b/objects/vulnerability/vulnerability--7b3a649a-b05e-4328-bce7-7ff5dc99a388.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9eed01b7-a0d1-426d-b81c-149c906a979d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7b3a649a-b05e-4328-bce7-7ff5dc99a388",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.425444Z",
+ "modified": "2024-12-30T00:22:02.425444Z",
+ "name": "CVE-2024-53239",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: Release resources at card release\n\nThe current 6fire code tries to release the resources right after the\ncall of usb6fire_chip_abort(). But at this moment, the card object\nmight be still in use (as we're calling snd_card_free_when_closed()).\n\nFor avoid potential UAFs, move the release of resources to the card's\nprivate_free instead of the manual call of usb6fire_chip_destroy() at\nthe USB disconnect callback.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53239"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7c140949-e686-47c7-ba1f-1615898cd258.json b/objects/vulnerability/vulnerability--7c140949-e686-47c7-ba1f-1615898cd258.json
new file mode 100644
index 00000000000..24ac4b3d365
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7c140949-e686-47c7-ba1f-1615898cd258.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94dddac0-4817-4716-a0dc-c11cf4fe10ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c140949-e686-47c7-ba1f-1615898cd258", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.36095Z", + "modified": "2024-12-30T00:22:02.36095Z", + "name": "CVE-2024-53184", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: ubd: Do not use drvdata in release\n\nThe drvdata is not available in release. Let's just use container_of()\nto get the ubd instance. Otherwise, removing a ubd device will result\nin a crash:\n\nRIP: 0033:blk_mq_free_tag_set+0x1f/0xba\nRSP: 00000000e2083bf0 EFLAGS: 00010246\nRAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00\nRDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348\nRBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7\nR10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000\nR13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1\nWorkqueue: events mc_work_proc\nStack:\n 00000000 604f7ef0 62c5d000 62405d20\n e2083c30 6002c776 6002c755 600e47ff\n e2083c60 6025ffe3 04208060 603d36e0\nCall Trace:\n [<6002c776>] ubd_device_release+0x21/0x55\n [<6002c755>] ? ubd_device_release+0x0/0x55\n [<600e47ff>] ? kfree+0x0/0x100\n [<6025ffe3>] device_release+0x70/0xba\n [<60381d6a>] kobject_put+0xb5/0xe2\n [<6026027b>] put_device+0x19/0x1c\n [<6026a036>] platform_device_put+0x26/0x29\n [<6026ac5a>] platform_device_unregister+0x2c/0x2e\n [<6002c52e>] ubd_remove+0xb8/0xd6\n [<6002bb74>] ? mconsole_reply+0x0/0x50\n [<6002b926>] mconsole_remove+0x160/0x1cc\n [<6002bbbc>] ? mconsole_reply+0x48/0x50\n [<6003379c>] ? um_set_signals+0x3b/0x43\n [<60061c55>] ? 
update_min_vruntime+0x14/0x70\n [<6006251f>] ? dequeue_task_fair+0x164/0x235\n [<600620aa>] ? update_cfs_group+0x0/0x40\n [<603a0e77>] ? __schedule+0x0/0x3ed\n [<60033761>] ? um_set_signals+0x0/0x43\n [<6002af6a>] mc_work_proc+0x77/0x91\n [<600520b4>] process_scheduled_works+0x1af/0x2c3\n [<6004ede3>] ? assign_work+0x0/0x58\n [<600527a1>] worker_thread+0x2f7/0x37a\n [<6004ee3b>] ? set_pf_worker+0x0/0x64\n [<6005765d>] ? arch_local_irq_save+0x0/0x2d\n [<60058e07>] ? kthread_exit+0x0/0x3a\n [<600524aa>] ? worker_thread+0x0/0x37a\n [<60058f9f>] kthread+0x130/0x135\n [<6002068e>] new_thread_handler+0x85/0xb6", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53184" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d21955f-2aff-4c72-9865-c5054c2b5753.json b/objects/vulnerability/vulnerability--7d21955f-2aff-4c72-9865-c5054c2b5753.json new file mode 100644 index 00000000000..eccb86d11b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d21955f-2aff-4c72-9865-c5054c2b5753.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f6aef853-93d8-4d53-93f2-462cfd166c29",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7d21955f-2aff-4c72-9865-c5054c2b5753",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:17.982817Z",
+ "modified": "2024-12-30T00:22:17.982817Z",
+ "name": "CVE-2020-1824",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1824"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7e04ccaf-dbb3-48e7-8ed8-69820bb1568e.json b/objects/vulnerability/vulnerability--7e04ccaf-dbb3-48e7-8ed8-69820bb1568e.json
new file mode 100644
index 00000000000..15d5db193b0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7e04ccaf-dbb3-48e7-8ed8-69820bb1568e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5bec98b3-1d83-4736-8cc7-870de9bda2cc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7e04ccaf-dbb3-48e7-8ed8-69820bb1568e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.968187Z",
+ "modified": "2024-12-30T00:22:03.968187Z",
+ "name": "CVE-2024-13007",
+ "description": "A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13007"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7e0c74fa-e47e-4f27-8ecb-34f0cc2b68c4.json b/objects/vulnerability/vulnerability--7e0c74fa-e47e-4f27-8ecb-34f0cc2b68c4.json
new file mode 100644
index 00000000000..230c851c31f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7e0c74fa-e47e-4f27-8ecb-34f0cc2b68c4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--394348e6-7c84-44c0-af5b-ede6926c7218",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7e0c74fa-e47e-4f27-8ecb-34f0cc2b68c4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.453014Z",
+ "modified": "2024-12-30T00:22:02.453014Z",
+ "name": "CVE-2024-53203",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential array underflow in ucsi_ccg_sync_control()\n\nThe \"command\" variable can be controlled by the user via debugfs. The\nworry is that if con_index is zero then \"&uc->ucsi->connector[con_index\n- 1]\" would be an array underflow.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53203"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--7e5b11a1-124f-4198-ae5d-e4902121d36b.json b/objects/vulnerability/vulnerability--7e5b11a1-124f-4198-ae5d-e4902121d36b.json
new file mode 100644
index 00000000000..858b9d03f52
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7e5b11a1-124f-4198-ae5d-e4902121d36b.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39bd32ab-f0cd-487d-80c5-4321cdeb5d17", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e5b11a1-124f-4198-ae5d-e4902121d36b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.534713Z", + "modified": "2024-12-30T00:22:03.534713Z", + "name": "CVE-2024-56583", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/deadline: Fix warning in migrate_enable for boosted tasks\n\nWhen running the following command:\n\nwhile true; do\n stress-ng --cyclic 30 --timeout 30s --minimize --quiet\ndone\n\na warning is eventually triggered:\n\nWARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794\nsetup_new_dl_entity+0x13e/0x180\n...\nCall Trace:\n \n ? show_trace_log_lvl+0x1c4/0x2df\n ? enqueue_dl_entity+0x631/0x6e0\n ? setup_new_dl_entity+0x13e/0x180\n ? __warn+0x7e/0xd0\n ? report_bug+0x11a/0x1a0\n ? handle_bug+0x3c/0x70\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n enqueue_dl_entity+0x631/0x6e0\n enqueue_task_dl+0x7d/0x120\n __do_set_cpus_allowed+0xe3/0x280\n __set_cpus_allowed_ptr_locked+0x140/0x1d0\n __set_cpus_allowed_ptr+0x54/0xa0\n migrate_enable+0x7e/0x150\n rt_spin_unlock+0x1c/0x90\n group_send_sig_info+0xf7/0x1a0\n ? kill_pid_info+0x1f/0x1d0\n kill_pid_info+0x78/0x1d0\n kill_proc_info+0x5b/0x110\n __x64_sys_kill+0x93/0xc0\n do_syscall_64+0x5c/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7f0dab31f92b\n\nThis warning occurs because set_cpus_allowed dequeues and enqueues tasks\nwith the ENQUEUE_RESTORE flag set. If the task is boosted, the warning\nis triggered. 
A boosted task already had its parameters set by\nrt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,\nhence the WARN_ON call.\n\nCheck if we are requeueing a boosted task and avoid calling\nsetup_new_dl_entity if that's the case.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56583" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e8c5e36-e151-4162-b121-877f06db9f3b.json b/objects/vulnerability/vulnerability--7e8c5e36-e151-4162-b121-877f06db9f3b.json new file mode 100644 index 00000000000..410f776a21f --- /dev/null +++ b/objects/vulnerability/vulnerability--7e8c5e36-e151-4162-b121-877f06db9f3b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b62fb5e-378d-4685-971c-93a51146d74b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e8c5e36-e151-4162-b121-877f06db9f3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.490398Z", + "modified": "2024-12-30T00:22:03.490398Z", + "name": "CVE-2024-56649", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: Do not configure preemptible TCs if SIs do not support\n\nBoth ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure\nMQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()\nto configure preemptible TCs. However, only PF is able to configure\npreemptible TCs. Because only PF has related registers, while VF does not\nhave these registers. So for VF, its hw->port pointer is NULL. Therefore,\nVF will access an invalid pointer when accessing a non-existent register,\nwhich will cause a crash issue. 
The simplified log is as follows.\n\nroot@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \\\nmqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1\n[ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00\n[ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400\n[ 187.511140] Call trace:\n[ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400\n[ 187.518918] enetc_setup_tc_mqprio+0x180/0x214\n[ 187.523374] enetc_vf_setup_tc+0x1c/0x30\n[ 187.527306] mqprio_enable_offload+0x144/0x178\n[ 187.531766] mqprio_init+0x3ec/0x668\n[ 187.535351] qdisc_create+0x15c/0x488\n[ 187.539023] tc_modify_qdisc+0x398/0x73c\n[ 187.542958] rtnetlink_rcv_msg+0x128/0x378\n[ 187.547064] netlink_rcv_skb+0x60/0x130\n[ 187.550910] rtnetlink_rcv+0x18/0x24\n[ 187.554492] netlink_unicast+0x300/0x36c\n[ 187.558425] netlink_sendmsg+0x1a8/0x420\n[ 187.606759] ---[ end trace 0000000000000000 ]---\n\nIn addition, some PFs also do not support configuring preemptible TCs,\nsuch as eno1 and eno3 on LS1028A. It won't crash like it does for VFs,\nbut we should prevent these PFs from accessing these unimplemented\nregisters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56649" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7eb217bc-bfcf-4ded-8bb1-e03cf49a0daa.json b/objects/vulnerability/vulnerability--7eb217bc-bfcf-4ded-8bb1-e03cf49a0daa.json new file mode 100644 index 00000000000..6aec20a3e6b --- /dev/null +++ b/objects/vulnerability/vulnerability--7eb217bc-bfcf-4ded-8bb1-e03cf49a0daa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b405191a-13bc-4ae1-a8b1-14ee1e0e63f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7eb217bc-bfcf-4ded-8bb1-e03cf49a0daa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.511348Z", + "modified": "2024-12-30T00:22:03.511348Z", + "name": "CVE-2024-56554", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix freeze UAF in binder_release_work()\n\nWhen a binder reference is cleaned up, any freeze work queued in the\nassociated process should also be removed. Otherwise, the reference is\nfreed while its ref->freeze.work is still queued in proc->work leading\nto a use-after-free issue as shown by the following KASAN report:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in binder_release_work+0x398/0x3d0\n Read of size 8 at addr ffff31600ee91488 by task kworker/5:1/211\n\n CPU: 5 UID: 0 PID: 211 Comm: kworker/5:1 Not tainted 6.11.0-rc7-00382-gfc6c92196396 #22\n Hardware name: linux,dummy-virt (DT)\n Workqueue: events binder_deferred_func\n Call trace:\n binder_release_work+0x398/0x3d0\n binder_deferred_func+0xb60/0x109c\n process_one_work+0x51c/0xbd4\n worker_thread+0x608/0xee8\n\n Allocated by task 703:\n __kmalloc_cache_noprof+0x130/0x280\n binder_thread_write+0xdb4/0x42a0\n binder_ioctl+0x18f0/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n invoke_syscall+0x6c/0x254\n\n Freed by task 211:\n kfree+0xc4/0x230\n binder_deferred_func+0xae8/0x109c\n process_one_work+0x51c/0xbd4\n worker_thread+0x608/0xee8\n ==================================================================\n\nThis commit fixes the issue by ensuring any queued freeze work is removed\nwhen cleaning up a binder reference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56554" + } + ] + } + ] +} \ No newline at end of 
file
diff --git a/objects/vulnerability/vulnerability--7ebc1930-2515-469d-af13-224d73c148c6.json b/objects/vulnerability/vulnerability--7ebc1930-2515-469d-af13-224d73c148c6.json
new file mode 100644
index 00000000000..d45065269f2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--7ebc1930-2515-469d-af13-224d73c148c6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2429d8fe-e390-4575-85b2-50fd2e1e2aec",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--7ebc1930-2515-469d-af13-224d73c148c6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.44387Z",
+ "modified": "2024-12-30T00:22:03.44387Z",
+ "name": "CVE-2024-56601",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: inet: do not leave a dangling sk pointer in inet_create()\n\nsock_init_data() attaches the allocated sk object to the provided sock\nobject. If inet_create() fails later, the sk object is freed, but the\nsock object retains the dangling pointer, which may create use-after-free\nlater.\n\nClear the sk pointer in the sock object on error.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56601"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--810b5cae-995e-4d46-9a5c-851ed8d28560.json b/objects/vulnerability/vulnerability--810b5cae-995e-4d46-9a5c-851ed8d28560.json
new file mode 100644
index 00000000000..101ed6bb75d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--810b5cae-995e-4d46-9a5c-851ed8d28560.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9d3a1d56-3d40-457c-ae60-9cab0c3bbf13",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--810b5cae-995e-4d46-9a5c-851ed8d28560",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.573718Z",
+ "modified": "2024-12-30T00:22:03.573718Z",
+ "name": "CVE-2024-56570",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: Filter invalid inodes with missing lookup function\n\nAdd a check to the ovl_dentry_weird() function to prevent the\nprocessing of directory inodes that lack the lookup function.\nThis is important because such inodes can cause errors in overlayfs\nwhen passed to the lowerstack.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56570"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--81109ce0-86ce-4a6b-a42a-dbfa74024bf3.json b/objects/vulnerability/vulnerability--81109ce0-86ce-4a6b-a42a-dbfa74024bf3.json
new file mode 100644
index 00000000000..661c87a8c19
--- /dev/null
+++ b/objects/vulnerability/vulnerability--81109ce0-86ce-4a6b-a42a-dbfa74024bf3.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43ddea42-0e1f-49c8-abb9-65a801ea0f40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81109ce0-86ce-4a6b-a42a-dbfa74024bf3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.450547Z", + "modified": "2024-12-30T00:22:03.450547Z", + "name": "CVE-2024-56555", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix OOB in binder_add_freeze_work()\n\nIn binder_add_freeze_work() we iterate over the proc->nodes with the\nproc->inner_lock held. However, this lock is temporarily dropped to\nacquire the node->lock first (lock nesting order). This can race with\nbinder_deferred_release() which removes the nodes from the proc->nodes\nrbtree and adds them into binder_dead_nodes list. This leads to a broken\niteration in binder_add_freeze_work() as rb_next() will use data from\nbinder_dead_nodes, triggering an out-of-bounds access:\n\n ==================================================================\n BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124\n Read of size 8 at addr ffffcb84285f7170 by task freeze/660\n\n CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n rb_next+0xfc/0x124\n binder_add_freeze_work+0x344/0x534\n binder_ioctl+0x1e70/0x25ac\n __arm64_sys_ioctl+0x124/0x190\n\n The buggy address belongs to the variable:\n binder_dead_nodes+0x10/0x40\n [...]\n ==================================================================\n\nThis is possible because proc->nodes (rbtree) and binder_dead_nodes\n(list) share entries in binder_node through a union:\n\n\tstruct binder_node {\n\t[...]\n\t\tunion {\n\t\t\tstruct rb_node rb_node;\n\t\t\tstruct hlist_node dead_node;\n\t\t};\n\nFix the race by checking that the proc is still alive. 
If not, simply\nbreak out of the iteration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56555" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--812144cd-5cee-47b4-ad74-927e55f94be9.json b/objects/vulnerability/vulnerability--812144cd-5cee-47b4-ad74-927e55f94be9.json new file mode 100644 index 00000000000..5a1dd9c1193 --- /dev/null +++ b/objects/vulnerability/vulnerability--812144cd-5cee-47b4-ad74-927e55f94be9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd7c8699-57de-425b-aee3-aef2ff1757ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--812144cd-5cee-47b4-ad74-927e55f94be9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.377385Z", + "modified": "2024-12-30T00:22:03.377385Z", + "name": "CVE-2024-56571", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Require entities to have a non-zero unique ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nSo, deny allocating an entity with ID 0 or an ID that belongs to a unit\nthat is already added to the list of entities.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. 
Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 
21.051331] Call Trace:\n[ 21.051480] \n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1fd/0x290\n[ 21.056413] uvc_probe+0x380e/0x3dc0\n[ 21.056676] ? __lock_acquire+0x5aa/0x26e0\n[ 21.056946] ? find_held_lock+0x33/0xa0\n[ 21.057196] ? kernfs_activate+0x70/0x80\n[ 21.057533] ? usb_match_dy\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--81e4f762-e885-4bcb-a086-a6f321dd2e3b.json b/objects/vulnerability/vulnerability--81e4f762-e885-4bcb-a086-a6f321dd2e3b.json new file mode 100644 index 00000000000..acbb657911a --- /dev/null +++ b/objects/vulnerability/vulnerability--81e4f762-e885-4bcb-a086-a6f321dd2e3b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba24c784-15ad-4e5f-9140-8e2fc594f644", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--81e4f762-e885-4bcb-a086-a6f321dd2e3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.392904Z", + "modified": "2024-12-30T00:22:02.392904Z", + "name": "CVE-2024-53195", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Get rid of userspace_irqchip_in_use\n\nImproper use of userspace_irqchip_in_use led to syzbot hitting the\nfollowing WARN_ON() in kvm_timer_update_irq():\n\nWARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459\nkvm_timer_update_irq+0x21c/0x394\nCall trace:\n kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459\n kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968\n kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264\n kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline]\n kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline]\n kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695\n kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151\n el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nThe following sequence led to the scenario:\n - Userspace creates a VM and a vCPU.\n - The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during\n KVM_ARM_VCPU_INIT.\n - Without any other setup, such as 
vGIC or vPMU, userspace issues\n KVM_RUN on the vCPU. Since the vPMU is requested, but not setup,\n kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change().\n As a result, KVM_RUN returns after enabling the timer, but before\n incrementing 'userspace_irqchip_in_use':\n kvm_arch_vcpu_run_pid_change()\n ret = kvm_arm_pmu_v3_enable()\n if (!vcpu->arch.pmu.created)\n return -EINVAL;\n if (ret)\n return ret;\n [...]\n if (!irqchip_in_kernel(kvm))\n static_branch_inc(&userspace_irqchip_in_use);\n - Userspace ignores the error and issues KVM_ARM_VCPU_INIT again.\n Since the timer is already enabled, control moves through the\n following flow, ultimately hitting the WARN_ON():\n kvm_timer_vcpu_reset()\n if (timer->enabled)\n kvm_timer_update_irq()\n if (!userspace_irqchip())\n ret = kvm_vgic_inject_irq()\n ret = vgic_lazy_init()\n if (unlikely(!vgic_initialized(kvm)))\n if (kvm->arch.vgic.vgic_model !=\n KVM_DEV_TYPE_ARM_VGIC_V2)\n return -EBUSY;\n WARN_ON(ret);\n\nTheoretically, since userspace_irqchip_in_use's functionality can be\nsimply replaced by '!irqchip_in_kernel()', get rid of the static key\nto avoid the mismanagement, which also helps with the syzbot issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53195" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83294206-a05e-4064-aa07-d5911a1282f5.json b/objects/vulnerability/vulnerability--83294206-a05e-4064-aa07-d5911a1282f5.json new file mode 100644 index 00000000000..810a2f04fad --- /dev/null +++ b/objects/vulnerability/vulnerability--83294206-a05e-4064-aa07-d5911a1282f5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--88938358-5cdf-4e1d-9ad5-30d5589efac9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83294206-a05e-4064-aa07-d5911a1282f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:16.874756Z", + "modified": "2024-12-30T00:22:16.874756Z", + "name": "CVE-2020-9085", + "description": "There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-9085" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--840548da-cf4a-4537-99ea-d5328b4876f9.json b/objects/vulnerability/vulnerability--840548da-cf4a-4537-99ea-d5328b4876f9.json new file mode 100644 index 00000000000..19c15f367f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--840548da-cf4a-4537-99ea-d5328b4876f9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63d10ec6-c48a-4791-ac66-f334a32d1f6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--840548da-cf4a-4537-99ea-d5328b4876f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.466502Z", + "modified": "2024-12-30T00:22:02.466502Z", + "name": "CVE-2024-53196", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Don't retire aborted MMIO instruction\n\nReturning an abort to the guest for an unsupported MMIO access is a\ndocumented feature of the KVM UAPI. Nevertheless, it's clear that this\nplumbing has seen limited testing, since userspace can trivially cause a\nWARN in the MMIO return:\n\n WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536\n Call trace:\n kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536\n kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133\n kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487\n __do_sys_ioctl fs/ioctl.c:51 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893\n __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\n el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\n el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712\n el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nThe splat is complaining that KVM is advancing PC while an exception is\npending, i.e. that KVM is retiring the MMIO instruction despite a\npending synchronous external abort. 
Womp womp.\n\nFix the glaring UAPI bug by skipping over all the MMIO emulation in\ncase there is a pending synchronous exception. Note that while userspace\nis capable of pending an asynchronous exception (SError, IRQ, or FIQ),\nit is still safe to retire the MMIO instruction in this case as (1) they\nare by definition asynchronous, and (2) KVM relies on hardware support\nfor pending/delivering these exceptions instead of the software state\nmachine for advancing PC.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53196" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8469c267-9567-4d89-b3c6-6f382185d613.json b/objects/vulnerability/vulnerability--8469c267-9567-4d89-b3c6-6f382185d613.json new file mode 100644 index 00000000000..f490acb8688 --- /dev/null +++ b/objects/vulnerability/vulnerability--8469c267-9567-4d89-b3c6-6f382185d613.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa3db65c-76d9-4235-b7cd-38c2b491be09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8469c267-9567-4d89-b3c6-6f382185d613", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.96316Z", + "modified": "2024-12-30T00:22:03.96316Z", + "name": "CVE-2024-13013", + "description": "A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The manipulation of the argument page title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13013" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8470db45-f3bd-4e4e-a07b-f13dbcedcd2f.json b/objects/vulnerability/vulnerability--8470db45-f3bd-4e4e-a07b-f13dbcedcd2f.json new file mode 100644 index 00000000000..6e3ee013c72 --- /dev/null +++ b/objects/vulnerability/vulnerability--8470db45-f3bd-4e4e-a07b-f13dbcedcd2f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ddd0dcfe-a7d9-4182-8775-52f24b3a287d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8470db45-f3bd-4e4e-a07b-f13dbcedcd2f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.409978Z", + "modified": "2024-12-30T00:22:02.409978Z", + "name": "CVE-2024-53188", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix crash when unbinding\n\nIf there is an error during some initialization related to firmware,\nthe function ath12k_dp_cc_cleanup is called to release resources.\nHowever this is released again when the device is unbinded (ath12k_pci),\nand we get:\nBUG: kernel NULL pointer dereference, address: 0000000000000020\nat RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k]\nCall Trace:\nath12k_dp_cc_cleanup\nath12k_dp_free\nath12k_core_deinit\nath12k_pci_remove\n...\n\nThe issue is always reproducible from a VM because the MSI addressing\ninitialization is failing.\n\nIn order to fix the issue, just set to NULL the released structure in\nath12k_dp_cc_cleanup at the end.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84c1946b-2b61-4eba-a37a-009a243feb60.json b/objects/vulnerability/vulnerability--84c1946b-2b61-4eba-a37a-009a243feb60.json new file mode 100644 index 00000000000..787436ba6bc --- /dev/null +++ b/objects/vulnerability/vulnerability--84c1946b-2b61-4eba-a37a-009a243feb60.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e369d1c6-d2a5-4a29-bc78-888ba778b848", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84c1946b-2b61-4eba-a37a-009a243feb60", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.082625Z", + "modified": "2024-12-30T00:22:02.082625Z", + "name": "CVE-2024-11605", + "description": "The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8557ea95-2797-4952-9db7-c4182289ebf7.json b/objects/vulnerability/vulnerability--8557ea95-2797-4952-9db7-c4182289ebf7.json new file mode 100644 index 00000000000..5200713b9f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--8557ea95-2797-4952-9db7-c4182289ebf7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e54fc49-aff0-4585-bedd-63bacb320776", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8557ea95-2797-4952-9db7-c4182289ebf7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.429131Z", + "modified": "2024-12-30T00:22:02.429131Z", + "name": "CVE-2024-53209", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix receive ring space parameters when XDP is active\n\nThe MTU setting at the time an XDP multi-buffer is attached\ndetermines whether the aggregation ring will be used and the\nrx_skb_func handler. This is done in bnxt_set_rx_skb_mode().\n\nIf the MTU is later changed, the aggregation ring setting may need\nto be changed and it may become out-of-sync with the settings\ninitially done in bnxt_set_rx_skb_mode(). This may result in\nrandom memory corruption and crashes as the HW may DMA data larger\nthan the allocated buffer size, such as:\n\nBUG: kernel NULL pointer dereference, address: 00000000000003c0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1\nHardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021\nRIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en]\nCode: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f\nRSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202\nRAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff\nRDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380\nRBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf\nR10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980\nR13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990\nFS: 
0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en]\n\nTo address the issue, we now call bnxt_set_rx_skb_mode() within\nbnxt_change_mtu() to properly set the AGG rings configuration and\nupdate rx_skb_func based on the new MTU value.\nAdditionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of\nbnxt_set_rx_skb_mode() to make sure it gets set or cleared based on\nthe current MTU.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53209" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--865bc487-cc21-4a13-8d58-29a204170112.json b/objects/vulnerability/vulnerability--865bc487-cc21-4a13-8d58-29a204170112.json new file mode 100644 index 00000000000..12f761c1bbd --- /dev/null +++ b/objects/vulnerability/vulnerability--865bc487-cc21-4a13-8d58-29a204170112.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9c24408-06ab-4e03-9040-653c0e2dee6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--865bc487-cc21-4a13-8d58-29a204170112", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.469047Z", + "modified": "2024-12-30T00:22:02.469047Z", + "name": "CVE-2024-53231", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()\n\ncpufreq_cpu_get_raw() may return NULL if the cpu is not in\npolicy->cpus cpu mask and it will cause null pointer dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53231" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86755f23-6b89-4007-be20-ae071b6f77b8.json b/objects/vulnerability/vulnerability--86755f23-6b89-4007-be20-ae071b6f77b8.json new file mode 100644 index 00000000000..1045f3a7ed6 --- /dev/null +++ b/objects/vulnerability/vulnerability--86755f23-6b89-4007-be20-ae071b6f77b8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a6c6138-866e-4fde-8c9a-2e35a5f35840", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86755f23-6b89-4007-be20-ae071b6f77b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.489655Z", + "modified": "2024-12-30T00:22:02.489655Z", + "name": "CVE-2024-53172", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: fastmap: Fix duplicate slab cache names while attaching\n\nSince commit 4c39529663b9 (\"slab: Warn on duplicate cache names when\nDEBUG_VM=y\"), the duplicate slab cache names can be detected and a\nkernel WARNING is thrown out.\nIn UBI fast attaching process, alloc_ai() could be invoked twice\nwith the same slab cache name 'ubi_aeb_slab_cache', which will trigger\nfollowing warning messages:\n kmem_cache of name 'ubi_aeb_slab_cache' already exists\n WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107\n __kmem_cache_create_args+0x100/0x5f0\n Modules linked in: ubi(+) nandsim [last unloaded: nandsim]\n CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2\n RIP: 0010:__kmem_cache_create_args+0x100/0x5f0\n Call Trace:\n __kmem_cache_create_args+0x100/0x5f0\n alloc_ai+0x295/0x3f0 [ubi]\n ubi_attach+0x3c3/0xcc0 [ubi]\n ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi]\n ubi_init+0x3fb/0x800 [ubi]\n do_init_module+0x265/0x7d0\n __x64_sys_finit_module+0x7a/0xc0\n\nThe problem could be easily reproduced by loading UBI device by fastmap\nwith CONFIG_DEBUG_VM=y.\nFix it by using different slab names for alloc_ai() callers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8739256f-0d52-42dc-83b0-1883d704fa98.json b/objects/vulnerability/vulnerability--8739256f-0d52-42dc-83b0-1883d704fa98.json new file mode 100644 index 00000000000..bffd0760ab2 
--- /dev/null +++ b/objects/vulnerability/vulnerability--8739256f-0d52-42dc-83b0-1883d704fa98.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12f54914-5b47-4036-b48b-0e9b2ceb93a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8739256f-0d52-42dc-83b0-1883d704fa98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.563115Z", + "modified": "2024-12-30T00:22:03.563115Z", + "name": "CVE-2024-56681", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - add error check in the ahash_hmac_init function\n\nThe ahash_init functions may return fails. The ahash_hmac_init should\nnot return ok when ahash_init returns error. For an example, ahash_init\nwill return -ENOMEM when allocation memory is error.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--873b8c57-f550-4b4a-9b83-5d8b00318103.json b/objects/vulnerability/vulnerability--873b8c57-f550-4b4a-9b83-5d8b00318103.json new file mode 100644 index 00000000000..be0d36d892f --- /dev/null +++ b/objects/vulnerability/vulnerability--873b8c57-f550-4b4a-9b83-5d8b00318103.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65c2a9cc-ebaa-4593-bb76-e457996d3b64", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--873b8c57-f550-4b4a-9b83-5d8b00318103", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.551996Z", + "modified": "2024-12-30T00:22:01.551996Z", + "name": "CVE-2024-12238", + "description": "The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--896d430a-85d5-45de-9e64-923d3542c18a.json b/objects/vulnerability/vulnerability--896d430a-85d5-45de-9e64-923d3542c18a.json new file mode 100644 index 00000000000..7e83b4ed200 --- /dev/null +++ b/objects/vulnerability/vulnerability--896d430a-85d5-45de-9e64-923d3542c18a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a2d3c2e-fbe5-4a3b-9e80-3fc4b1d0ced5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--896d430a-85d5-45de-9e64-923d3542c18a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.44273Z", + "modified": "2024-12-30T00:22:03.44273Z", + "name": "CVE-2024-56593", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()\n\nThis patch fixes a NULL pointer dereference bug in brcmfmac that occurs\nwhen a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs\nare sent from the pkt queue.\n\nThe problem is the number of entries in the pre-allocated sgtable, it is\nnents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1.\nGiven the default [rt]xglom_size=32 it's actually 35 which is too small.\nWorst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB\nis added for each original SKB if tailroom isn't enough to hold tail_pad.\nAt least one sg entry is needed for each SKB. So, eventually the \"skb_queue_walk loop\"\nin brcmf_sdiod_sglist_rw may run out of sg entries. This makes sg_next return\nNULL and this causes the oops.\n\nThe patch sets nents to max(rxglom_size, txglom_size) * 2 to be able handle\nthe worst-case.\nBtw. this requires only 64-35=29 * 16 (or 20 if CONFIG_NEED_SG_DMA_LENGTH) = 464\nadditional bytes of memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56593" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89c8770b-57b4-464c-88c7-e7d8374eb8c6.json b/objects/vulnerability/vulnerability--89c8770b-57b4-464c-88c7-e7d8374eb8c6.json new file mode 100644 index 00000000000..b08b6be53e1 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--89c8770b-57b4-464c-88c7-e7d8374eb8c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a21cc7f7-ffd6-40bf-8345-774270d5327e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89c8770b-57b4-464c-88c7-e7d8374eb8c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.423779Z", + "modified": "2024-12-30T00:22:03.423779Z", + "name": "CVE-2024-56694", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n'''\nsk_psock_strp_data_ready\n write_lock_bh(&sk->sk_callback_lock)\n strp_data_ready\n strp_read_sock\n read_sock -> tcp_read_sock\n strp_recv\n cb.rcv_msg -> sk_psock_strp_read\n # now stream_verdict return SK_PASS without peer sock assign\n __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n sk_psock_verdict_apply\n sk_psock_skb_ingress_self\n sk_psock_skb_ingress_enqueue\n sk_psock_data_ready\n read_lock_bh(&sk->sk_callback_lock) <= dead lock\n\n'''\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56694" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89f79a84-6494-4787-b476-ac3ef56e4bbf.json b/objects/vulnerability/vulnerability--89f79a84-6494-4787-b476-ac3ef56e4bbf.json new file mode 100644 index 00000000000..dfc60ff0260 --- /dev/null +++ b/objects/vulnerability/vulnerability--89f79a84-6494-4787-b476-ac3ef56e4bbf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--edd049c4-fd54-4016-a186-116d544b619d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89f79a84-6494-4787-b476-ac3ef56e4bbf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.540394Z", + "modified": "2024-12-30T00:22:03.540394Z", + "name": "CVE-2024-56642", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free of kernel socket in cleanup_bearer().\n\nsyzkaller reported a use-after-free of UDP kernel socket\nin cleanup_bearer() without repro. [0][1]\n\nWhen bearer_disable() calls tipc_udp_disable(), cleanup\nof the UDP kernel socket is deferred by work calling\ncleanup_bearer().\n\ntipc_net_stop() waits for such works to finish by checking\ntipc_net(net)->wq_count. However, the work decrements the\ncount too early before releasing the kernel socket,\nunblocking cleanup_net() and resulting in use-after-free.\n\nLet's move the decrement after releasing the socket in\ncleanup_bearer().\n\n[0]:\nref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at\n sk_alloc+0x438/0x608\n inet_create+0x4c8/0xcb0\n __sock_create+0x350/0x6b8\n sock_create_kern+0x58/0x78\n udp_sock_create4+0x68/0x398\n udp_sock_create+0x88/0xc8\n tipc_udp_enable+0x5e8/0x848\n __tipc_nl_bearer_enable+0x84c/0xed8\n tipc_nl_bearer_enable+0x38/0x60\n genl_family_rcv_msg_doit+0x170/0x248\n genl_rcv_msg+0x400/0x5b0\n netlink_rcv_skb+0x1dc/0x398\n genl_rcv+0x44/0x68\n netlink_unicast+0x678/0x8b0\n netlink_sendmsg+0x5e4/0x898\n ____sys_sendmsg+0x500/0x830\n\n[1]:\nBUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline]\nBUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n udp_hashslot include/net/udp.h:85 [inline]\n udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979\n sk_common_release+0xaf/0x3f0 net/core/sock.c:3820\n inet_release+0x1e0/0x260 
net/ipv4/af_inet.c:437\n inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489\n __sock_release net/socket.c:658 [inline]\n sock_release+0xa0/0x210 net/socket.c:686\n cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nUninit was created at:\n slab_free_hook mm/slub.c:2269 [inline]\n slab_free mm/slub.c:4580 [inline]\n kmem_cache_free+0x207/0xc40 mm/slub.c:4682\n net_free net/core/net_namespace.c:454 [inline]\n cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310\n worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391\n kthread+0x531/0x6b0 kernel/kthread.c:389\n ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244\n\nCPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: events cleanup_bearer", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b47c186-cdda-4371-ba52-eba5b2ebc7de.json b/objects/vulnerability/vulnerability--8b47c186-cdda-4371-ba52-eba5b2ebc7de.json new file mode 100644 index 00000000000..a66ad4d6a15 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b47c186-cdda-4371-ba52-eba5b2ebc7de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f616684d-1739-438a-89b0-41c7ad3f9439", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b47c186-cdda-4371-ba52-eba5b2ebc7de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.387718Z", + "modified": "2024-12-30T00:22:03.387718Z", + "name": "CVE-2024-56614", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix OOB map writes when deleting elements\n\nJordy says:\n\n\"\nIn the xsk_map_delete_elem function an unsigned integer\n(map->max_entries) is compared with a user-controlled signed integer\n(k). Due to implicit type conversion, a large unsigned value for\nmap->max_entries can bypass the intended bounds check:\n\n\tif (k >= map->max_entries)\n\t\treturn -EINVAL;\n\nThis allows k to hold a negative value (between -2147483648 and -2),\nwhich is then used as an array index in m->xsk_map[k], which results\nin an out-of-bounds access.\n\n\tspin_lock_bh(&m->lock);\n\tmap_entry = &m->xsk_map[k]; // Out-of-bounds map_entry\n\told_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write\n\tif (old_xs)\n\t\txsk_map_sock_delete(old_xs, map_entry);\n\tspin_unlock_bh(&m->lock);\n\nThe xchg operation can then be used to cause an out-of-bounds write.\nMoreover, the invalid map_entry passed to xsk_map_sock_delete can lead\nto further memory corruption.\n\"\n\nIt indeed results in following splat:\n\n[76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108\n[76612.904330] #PF: supervisor write access in kernel mode\n[76612.909639] #PF: error_code(0x0002) - not-present page\n[76612.914855] PGD 0 P4D 0\n[76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP\n[76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470\n[76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 
03/19/2019\n[76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60\n[76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31\n[76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246\n[76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000\n[76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000\n[76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007\n[76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8\n[76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0\n[76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000\n[76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0\n[76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[76613.041086] PKRU: 55555554\n[76613.043842] Call Trace:\n[76613.046331] \n[76613.048468] ? __die+0x20/0x60\n[76613.051581] ? page_fault_oops+0x15a/0x450\n[76613.055747] ? search_extable+0x22/0x30\n[76613.059649] ? search_bpf_extables+0x5f/0x80\n[76613.063988] ? exc_page_fault+0xa9/0x140\n[76613.067975] ? asm_exc_page_fault+0x22/0x30\n[76613.072229] ? xsk_map_delete_elem+0x2d/0x60\n[76613.076573] ? 
xsk_map_delete_elem+0x23/0x60\n[76613.080914] __sys_bpf+0x19b7/0x23c0\n[76613.084555] __x64_sys_bpf+0x1a/0x20\n[76613.088194] do_syscall_64+0x37/0xb0\n[76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n[76613.096962] RIP: 0033:0x7f80b6d1e88d\n[76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141\n[76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d\n[76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003\n[76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000\n[76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8\n[76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c6f0d52-470c-4325-ba8c-696f5326f333.json b/objects/vulnerability/vulnerability--8c6f0d52-470c-4325-ba8c-696f5326f333.json new file mode 100644 index 00000000000..02b845920b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--8c6f0d52-470c-4325-ba8c-696f5326f333.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--600d6c67-c4bd-4481-991f-fa6565d1426e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8c6f0d52-470c-4325-ba8c-696f5326f333",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.617999Z",
+ "modified": "2024-12-30T00:22:03.617999Z",
+ "name": "CVE-2024-56617",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU\n\nCommit\n\n 5944ce092b97 (\"arch_topology: Build cacheinfo from primary CPU\")\n\nadds functionality that architectures can use to optionally allocate and\nbuild cacheinfo early during boot. Commit\n\n 6539cffa9495 (\"cacheinfo: Add arch specific early level initializer\")\n\nlets secondary CPUs correct (and reallocate memory) cacheinfo data if\nneeded.\n\nIf the early build functionality is not used and cacheinfo does not need\ncorrection, memory for cacheinfo is never allocated. x86 does not use\nthe early build functionality. Consequently, during the cacheinfo CPU\nhotplug callback, last_level_cache_is_valid() attempts to dereference\na NULL pointer:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000100\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEPMT SMP NOPTI\n CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1\n RIP: 0010: last_level_cache_is_valid+0x95/0xe0a\n\nAllocate memory for cacheinfo during the cacheinfo CPU hotplug callback\nif not done earlier.\n\nMoreover, before determining the validity of the last-level cache info,\nensure that it has been allocated. 
Simply checking for non-zero\ncache_leaves() is not sufficient, as some architectures (e.g., Intel\nprocessors) have non-zero cache_leaves() before allocation.\n\nDereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size().\nThis function iterates over all online CPUs. However, a CPU may have come\nonline recently, but its cacheinfo may not have been allocated yet.\n\nWhile here, remove an unnecessary indentation in allocate_cache_info().\n\n [ bp: Massage. ]",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56617"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8c6f7a03-81a9-40af-b05d-afbc87ff0624.json b/objects/vulnerability/vulnerability--8c6f7a03-81a9-40af-b05d-afbc87ff0624.json
new file mode 100644
index 00000000000..050cb4d94ef
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8c6f7a03-81a9-40af-b05d-afbc87ff0624.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d00f5b35-4e63-4615-b6c2-86a069f97062",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8c6f7a03-81a9-40af-b05d-afbc87ff0624",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:06.519126Z",
+ "modified": "2024-12-30T00:22:06.519126Z",
+ "name": "CVE-2021-22484",
+ "description": "Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data.\n\n\n\n\nSuccessful exploitation of this vulnerability may cause a server out of memory (OOM).",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2021-22484"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8cbea0f3-c391-4f62-a8cf-83815df01279.json b/objects/vulnerability/vulnerability--8cbea0f3-c391-4f62-a8cf-83815df01279.json
new file mode 100644
index 00000000000..60154fee39e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8cbea0f3-c391-4f62-a8cf-83815df01279.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fe6282a2-2fc4-4ba6-a0e5-8fb80889b7f0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8cbea0f3-c391-4f62-a8cf-83815df01279",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.484706Z",
+ "modified": "2024-12-30T00:22:03.484706Z",
+ "name": "CVE-2024-56686",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race in buffer_head read fault injection\n\nWhen I enabled ext4 debug for fault injection testing, I encountered the\nfollowing warning:\n\n EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:\n Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051\n WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0\n\nThe root cause of the issue lies in the improper implementation of ext4's\nbuffer_head read fault injection. The actual completion of buffer_head\nread and the buffer_head fault injection are not atomic, which can lead\nto the uptodate flag being cleared on normally used buffer_heads in race\nconditions.\n\n[CPU0] [CPU1] [CPU2]\next4_read_inode_bitmap\n ext4_read_bh()\n \n ext4_read_inode_bitmap\n if (buffer_uptodate(bh))\n return bh\n jbd2_journal_commit_transaction\n __jbd2_journal_refile_buffer\n __jbd2_journal_unfile_buffer\n __jbd2_journal_temp_unlink_buffer\n ext4_simulate_fail_bh()\n clear_buffer_uptodate\n mark_buffer_dirty\n \n WARN_ON_ONCE(!buffer_uptodate(bh))\n\nThe best approach would be to perform fault injection in the IO completion\ncallback function, rather than after IO completion. However, the IO\ncompletion callback function cannot get the fault injection code in sb.\n\nFix it by passing the result of fault injection into the bh read function,\nwe simulate faults within the bh read function itself. 
This requires adding\nan extra parameter to the bh read functions that need fault injection.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56686"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8dde132a-b6fa-4264-ad02-a98ab472d29f.json b/objects/vulnerability/vulnerability--8dde132a-b6fa-4264-ad02-a98ab472d29f.json
new file mode 100644
index 00000000000..935393221eb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8dde132a-b6fa-4264-ad02-a98ab472d29f.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60986110-d713-4b78-b32c-c5ba5fb85622", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8dde132a-b6fa-4264-ad02-a98ab472d29f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.407586Z", + "modified": "2024-12-30T00:22:03.407586Z", + "name": "CVE-2024-56664", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket's close() link popping & unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(&stab->lock)\n osk = stab->sks[idx]\n sock_map_add_link(..., &stab->sks[idx])\n sock_map_unref(osk, &stab->sks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(&psock))\n sk_psock_drop(sk, psock)\n spin_unlock(&stab->lock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(&stab->lock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(&stab->lock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). 
This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56664" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8e408a6c-a279-405c-a382-1b98a92f6a88.json b/objects/vulnerability/vulnerability--8e408a6c-a279-405c-a382-1b98a92f6a88.json
new file mode 100644
index 00000000000..c58f01a4a9e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8e408a6c-a279-405c-a382-1b98a92f6a88.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--134f2526-c835-433a-8712-a3760b9c5468",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8e408a6c-a279-405c-a382-1b98a92f6a88",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.476295Z",
+ "modified": "2024-12-30T00:22:03.476295Z",
+ "name": "CVE-2024-56557",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer\n\nThe AD7923 was updated to support devices with 8 channels, but the size\nof tx_buf and ring_xfer was not increased accordingly, leading to a\npotential buffer overflow in ad7923_update_scan_mode().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56557"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8e852109-5b7a-4d82-9450-931df48d3eca.json b/objects/vulnerability/vulnerability--8e852109-5b7a-4d82-9450-931df48d3eca.json
new file mode 100644
index 00000000000..5b25a52bcd4
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8e852109-5b7a-4d82-9450-931df48d3eca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b94e1cc2-3369-4b7d-96f3-d3b145d0f490",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8e852109-5b7a-4d82-9450-931df48d3eca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.373107Z",
+ "modified": "2024-12-30T00:22:03.373107Z",
+ "name": "CVE-2024-56724",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56724"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--915dd204-ef39-4b74-bc84-954b8e0f6af1.json b/objects/vulnerability/vulnerability--915dd204-ef39-4b74-bc84-954b8e0f6af1.json
new file mode 100644
index 00000000000..815f67c83a0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--915dd204-ef39-4b74-bc84-954b8e0f6af1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--56f1f626-7081-4209-8ce4-47f1c6eacaa7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--915dd204-ef39-4b74-bc84-954b8e0f6af1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.373827Z",
+ "modified": "2024-12-30T00:22:02.373827Z",
+ "name": "CVE-2024-53221",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix null-ptr-deref in f2fs_submit_page_bio()\n\nThere's issue as follows when concurrently installing the f2fs.ko\nmodule and mounting the f2fs file system:\nKASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]\nRIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs]\nCall Trace:\n \n f2fs_submit_page_bio+0x126/0x8b0 [f2fs]\n __get_meta_page+0x1d4/0x920 [f2fs]\n get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs]\n validate_checkpoint+0xac/0x290 [f2fs]\n f2fs_get_valid_checkpoint+0x207/0x950 [f2fs]\n f2fs_fill_super+0x1007/0x39b0 [f2fs]\n mount_bdev+0x183/0x250\n legacy_get_tree+0xf4/0x1e0\n vfs_get_tree+0x88/0x340\n do_new_mount+0x283/0x5e0\n path_mount+0x2b2/0x15b0\n __x64_sys_mount+0x1fe/0x270\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAbove issue happens as the biset of the f2fs file system is not\ninitialized before register \"f2fs_fs_type\".\nTo address above issue just register \"f2fs_fs_type\" at the last in\ninit_f2fs_fs(). Ensure that all f2fs file system resources are\ninitialized.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53221"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--91eabcc2-0215-4ddf-991c-a011f6f3d262.json b/objects/vulnerability/vulnerability--91eabcc2-0215-4ddf-991c-a011f6f3d262.json
new file mode 100644
index 00000000000..5334068030a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--91eabcc2-0215-4ddf-991c-a011f6f3d262.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f6bd13ef-dcd5-468e-b98d-38350b029643",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--91eabcc2-0215-4ddf-991c-a011f6f3d262",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.54613Z",
+ "modified": "2024-12-30T00:22:03.54613Z",
+ "name": "CVE-2024-56538",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: zynqmp_kms: Unplug DRM device before removal\n\nPrevent userspace accesses to the DRM device from causing\nuse-after-frees by unplugging the device before we remove it. This\ncauses any further userspace accesses to result in an error without\nfurther calls into this driver's internals.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56538"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--922fa49c-6c3f-404b-abef-e12002f8b97d.json b/objects/vulnerability/vulnerability--922fa49c-6c3f-404b-abef-e12002f8b97d.json
new file mode 100644
index 00000000000..c02655c8440
--- /dev/null
+++ b/objects/vulnerability/vulnerability--922fa49c-6c3f-404b-abef-e12002f8b97d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f81c17f4-da6d-4546-a0a7-52b7b6e48fcd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--922fa49c-6c3f-404b-abef-e12002f8b97d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.602223Z",
+ "modified": "2024-12-30T00:22:03.602223Z",
+ "name": "CVE-2024-56546",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()\n\nIf we fail to allocate memory for cb_data by kmalloc, the memory\nallocation for eve_data is never freed, add the missing kfree()\nin the error handling path.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56546"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--924b5512-919d-42c0-b31c-a0dd90363142.json b/objects/vulnerability/vulnerability--924b5512-919d-42c0-b31c-a0dd90363142.json
new file mode 100644
index 00000000000..ca1c4d5f9bc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--924b5512-919d-42c0-b31c-a0dd90363142.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7dc2c0bd-a23f-4981-b48e-7db42b3696af",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--924b5512-919d-42c0-b31c-a0dd90363142",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.555307Z",
+ "modified": "2024-12-30T00:22:03.555307Z",
+ "name": "CVE-2024-56604",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()\n\nbt_sock_alloc() attaches allocated sk object to the provided sock object.\nIf rfcomm_dlc_alloc() fails, we release the sk object, but leave the\ndangling pointer in the sock object, which may cause use-after-free.\n\nFix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56604"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--92b17b37-1419-4f5c-b407-ed3259c22ccf.json b/objects/vulnerability/vulnerability--92b17b37-1419-4f5c-b407-ed3259c22ccf.json
new file mode 100644
index 00000000000..2af6beae4d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--92b17b37-1419-4f5c-b407-ed3259c22ccf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c608be90-07c1-4ee4-bddc-5ac76393abdf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--92b17b37-1419-4f5c-b407-ed3259c22ccf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.473767Z",
+ "modified": "2024-12-30T00:22:02.473767Z",
+ "name": "CVE-2024-53233",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nunicode: Fix utf8_load() error path\n\nutf8_load() requests the symbol \"utf8_data_table\" and then checks if the\nrequested UTF-8 version is supported. If it's unsupported, it tries to\nput the data table using symbol_put(). If an unsupported version is\nrequested, symbol_put() fails like this:\n\n kernel BUG at kernel/module/main.c:786!\n RIP: 0010:__symbol_put+0x93/0xb0\n Call Trace:\n \n ? __die_body.cold+0x19/0x27\n ? die+0x2e/0x50\n ? do_trap+0xca/0x110\n ? do_error_trap+0x65/0x80\n ? __symbol_put+0x93/0xb0\n ? exc_invalid_op+0x51/0x70\n ? __symbol_put+0x93/0xb0\n ? asm_exc_invalid_op+0x1a/0x20\n ? __pfx_cmp_name+0x10/0x10\n ? __symbol_put+0x93/0xb0\n ? __symbol_put+0x62/0xb0\n utf8_load+0xf8/0x150\n\nThat happens because symbol_put() expects the unique string that\nidentify the symbol, instead of a pointer to the loaded symbol. Fix that\nby using such string.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53233"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93a02567-f61f-4743-9000-68fbfc9f3433.json b/objects/vulnerability/vulnerability--93a02567-f61f-4743-9000-68fbfc9f3433.json
new file mode 100644
index 00000000000..f22fd00a747
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93a02567-f61f-4743-9000-68fbfc9f3433.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4701c43e-146b-43ee-b0b8-f3224478fa47",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93a02567-f61f-4743-9000-68fbfc9f3433",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.424383Z",
+ "modified": "2024-12-30T00:22:02.424383Z",
+ "name": "CVE-2024-53226",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()\n\nib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument.\nThe driver needs to check whether it is a NULL pointer before\ndereferencing it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53226"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93d38718-25a9-4f24-942c-b86a438cb81a.json b/objects/vulnerability/vulnerability--93d38718-25a9-4f24-942c-b86a438cb81a.json
new file mode 100644
index 00000000000..30702b18824
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93d38718-25a9-4f24-942c-b86a438cb81a.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4dc5f3b6-2118-4c29-85bc-f50588126f68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93d38718-25a9-4f24-942c-b86a438cb81a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.556427Z", + "modified": "2024-12-30T00:22:03.556427Z", + "name": "CVE-2024-56588", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Create all dump files during debugfs initialization\n\nFor the current debugfs of hisi_sas, after user triggers dump, the\ndriver allocate memory space to save the register information and create\ndebugfs files to display the saved information. In this process, the\ndebugfs files created after each dump.\n\nTherefore, when the dump is triggered while the driver is unbind, the\nfollowing hang occurs:\n\n[67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0\n[67840.862947] Mem abort info:\n[67840.865855] ESR = 0x0000000096000004\n[67840.869713] EC = 0x25: DABT (current EL), IL = 32 bits\n[67840.875125] SET = 0, FnV = 0\n[67840.878291] EA = 0, S1PTW = 0\n[67840.881545] FSC = 0x04: level 0 translation fault\n[67840.886528] Data abort info:\n[67840.889524] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[67840.895117] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[67840.900284] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000\n[67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000\n[67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[67841.003628] pc : down_write+0x30/0x98\n[67841.007546] lr : start_creating.part.0+0x60/0x198\n[67841.012495] sp : ffff8000b979ba20\n[67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 
0000000000024b40\n[67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8\n[67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18\n[67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020\n[67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff\n[67841.052888] x14: ffff8000b979bc18 x13: ffffffffffffffff x12: ffff8000b979bb18\n[67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18\n[67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9\n[67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001\n[67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0\n[67841.089759] Call trace:\n[67841.092456] down_write+0x30/0x98\n[67841.096017] start_creating.part.0+0x60/0x198\n[67841.100613] debugfs_create_dir+0x48/0x1f8\n[67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw]\n[67841.111447] debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw]\n[67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw]\n[67841.125115] full_proxy_write+0x68/0xc8\n[67841.129175] vfs_write+0xd8/0x3f0\n[67841.132708] ksys_write+0x70/0x108\n[67841.136317] __arm64_sys_write+0x24/0x38\n[67841.140440] invoke_syscall+0x50/0x128\n[67841.144385] el0_svc_common.constprop.0+0xc8/0xf0\n[67841.149273] do_el0_svc+0x24/0x38\n[67841.152773] el0_svc+0x38/0xd8\n[67841.156009] el0t_64_sync_handler+0xc0/0xc8\n[67841.160361] el0t_64_sync+0x1a4/0x1a8\n[67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05)\n[67841.170443] ---[ end trace 0000000000000000 ]---\n\nTo fix this issue, create all directories and files during debugfs\ninitialization. 
In this way, the driver only needs to allocate memory\nspace to save information each time the user triggers dumping.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56588"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--93ef83e9-b8cb-4ba7-9110-ae7a0f062c53.json b/objects/vulnerability/vulnerability--93ef83e9-b8cb-4ba7-9110-ae7a0f062c53.json
new file mode 100644
index 00000000000..86eafd94751
--- /dev/null
+++ b/objects/vulnerability/vulnerability--93ef83e9-b8cb-4ba7-9110-ae7a0f062c53.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--36c9ef04-3b0d-4b99-a0d8-c895f32da63e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--93ef83e9-b8cb-4ba7-9110-ae7a0f062c53",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.457298Z",
+ "modified": "2024-12-30T00:22:03.457298Z",
+ "name": "CVE-2024-56612",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: handle NULL pages in unpin_user_pages()\n\nThe recent addition of \"pofs\" (pages or folios) handling to gup has a\nflaw: it assumes that unpin_user_pages() handles NULL pages in the pages**\narray. That's not the case, as I discovered when I ran on a new\nconfiguration on my test machine.\n\nFix this by skipping NULL pages in unpin_user_pages(), just like\nunpin_folios() already does.\n\nDetails: when booting on x86 with \"numa=fake=2 movablecore=4G\" on Linux\n6.12, and running this:\n\n tools/testing/selftests/mm/gup_longterm\n\n...I get the following crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nRIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0\n...\nCall Trace:\n \n ? __die_body+0x66/0xb0\n ? page_fault_oops+0x30c/0x3b0\n ? do_user_addr_fault+0x6c3/0x720\n ? irqentry_enter+0x34/0x60\n ? exc_page_fault+0x68/0x100\n ? asm_exc_page_fault+0x22/0x30\n ? sanity_check_pinned_pages+0x3a/0x2d0\n unpin_user_pages+0x24/0xe0\n check_and_migrate_movable_pages_or_folios+0x455/0x4b0\n __gup_longterm_locked+0x3bf/0x820\n ? mmap_read_lock_killable+0x12/0x50\n ? __pfx_mmap_read_lock_killable+0x10/0x10\n pin_user_pages+0x66/0xa0\n gup_test_ioctl+0x358/0xb20\n __se_sys_ioctl+0x6b/0xc0\n do_syscall_64+0x7b/0x150\n entry_SYSCALL_64_after_hwframe+0x76/0x7e",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56612"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--94690675-5574-4021-9acc-a5ae091859c5.json b/objects/vulnerability/vulnerability--94690675-5574-4021-9acc-a5ae091859c5.json
new file mode 100644
index 00000000000..b94bd06c045
--- /dev/null
+++ b/objects/vulnerability/vulnerability--94690675-5574-4021-9acc-a5ae091859c5.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a578339-fecd-47ab-aa3f-2dead647f020", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94690675-5574-4021-9acc-a5ae091859c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.583413Z", + "modified": "2024-12-30T00:22:03.583413Z", + "name": "CVE-2024-56608", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'\n\nAn issue was identified in the dcn21_link_encoder_create function where\nan out-of-bounds access could occur when the hpd_source index was used\nto reference the link_enc_hpd_regs array. This array has a fixed size\nand the index was not being checked against the array's bounds before\naccessing it.\n\nThis fix adds a conditional check to ensure that the hpd_source index is\nwithin the valid range of the link_enc_hpd_regs array. If the index is\nout of bounds, the function now returns NULL to prevent undefined\nbehavior.\n\nReferences:\n\n[ 65.920507] ------------[ cut here ]------------\n[ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29\n[ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]'\n[ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13\n[ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020\n[ 65.920527] Call Trace:\n[ 65.920529] \n[ 65.920532] dump_stack_lvl+0x48/0x70\n[ 65.920541] dump_stack+0x10/0x20\n[ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0\n[ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu]\n[ 65.921009] link_create+0x6d3/0xed0 [amdgpu]\n[ 65.921355] create_links+0x18a/0x4e0 [amdgpu]\n[ 65.921679] dc_create+0x360/0x720 [amdgpu]\n[ 65.921999] ? 
dmi_matches+0xa0/0x220\n[ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu]\n[ 65.922342] ? console_unlock+0x77/0x120\n[ 65.922348] ? dev_printk_emit+0x86/0xb0\n[ 65.922354] dm_hw_init+0x15/0x40 [amdgpu]\n[ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu]\n[ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu]\n[ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu]\n[ 65.923087] local_pci_probe+0x4b/0xb0\n[ 65.923087] pci_device_probe+0xc8/0x280\n[ 65.923087] really_probe+0x187/0x300\n[ 65.923087] __driver_probe_device+0x85/0x130\n[ 65.923087] driver_probe_device+0x24/0x110\n[ 65.923087] __driver_attach+0xac/0x1d0\n[ 65.923087] ? __pfx___driver_attach+0x10/0x10\n[ 65.923087] bus_for_each_dev+0x7d/0xd0\n[ 65.923087] driver_attach+0x1e/0x30\n[ 65.923087] bus_add_driver+0xf2/0x200\n[ 65.923087] driver_register+0x64/0x130\n[ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu]\n[ 65.923087] __pci_register_driver+0x61/0x70\n[ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu]\n[ 65.923087] do_one_initcall+0x49/0x310\n[ 65.923087] ? kmalloc_trace+0x136/0x360\n[ 65.923087] do_init_module+0x6a/0x270\n[ 65.923087] load_module+0x1fce/0x23a0\n[ 65.923087] init_module_from_file+0x9c/0xe0\n[ 65.923087] ? 
init_module_from_file+0x9c/0xe0\n[ 65.923087] idempotent_init_module+0x179/0x230\n[ 65.923087] __x64_sys_finit_module+0x5d/0xa0\n[ 65.923087] do_syscall_64+0x76/0x120\n[ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 65.923087] RIP: 0033:0x7f2d80f1e88d\n[ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48\n[ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n[ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d\n[ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f\n[ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002\n[ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480\n[ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0\n[ 65.923087] \n[ 65.923927] ---[ end trace ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56608" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94866d6f-b8cb-44f4-b7bd-5d22a5f48cda.json b/objects/vulnerability/vulnerability--94866d6f-b8cb-44f4-b7bd-5d22a5f48cda.json new file mode 100644 index 00000000000..8a4293291e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--94866d6f-b8cb-44f4-b7bd-5d22a5f48cda.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--913c1a1c-49ce-4563-86f7-64cdfb822b5b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--94866d6f-b8cb-44f4-b7bd-5d22a5f48cda",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.616038Z",
+ "modified": "2024-12-30T00:22:03.616038Z",
+ "name": "CVE-2024-56606",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_packet: avoid erroring out after sock_init_data() in packet_create()\n\nAfter sock_init_data() the allocated sk object is attached to the provided\nsock object. On error, packet_create() frees the sk object leaving the\ndangling pointer in the sock object on return. Some other code may try\nto use this pointer and cause use-after-free.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56606"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--94a944f4-9bca-42ed-b72a-bf5fe056401f.json b/objects/vulnerability/vulnerability--94a944f4-9bca-42ed-b72a-bf5fe056401f.json
new file mode 100644
index 00000000000..8d86acd52e0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--94a944f4-9bca-42ed-b72a-bf5fe056401f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ce39263-1770-48dd-8904-0f6a02fcf0c4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--94a944f4-9bca-42ed-b72a-bf5fe056401f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.612134Z",
+ "modified": "2024-12-30T00:22:03.612134Z",
+ "name": "CVE-2024-56657",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: control: Avoid WARN() for symlink errors\n\nUsing WARN() for showing the error of symlink creations don't give\nmore information than telling that something goes wrong, since the\nusual code path is a lregister callback from each control element\ncreation. More badly, the use of WARN() rather confuses fuzzer as if\nit were serious issues.\n\nThis patch downgrades the warning messages to use the normal dev_err()\ninstead of WARN(). For making it clearer, add the function name to\nthe prefix, too.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56657"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9678b726-c8d7-488f-aee4-fd8eae0d3193.json b/objects/vulnerability/vulnerability--9678b726-c8d7-488f-aee4-fd8eae0d3193.json
new file mode 100644
index 00000000000..f44d941e6fe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9678b726-c8d7-488f-aee4-fd8eae0d3193.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8e958d6d-edb5-4269-bc00-e63e3ff96555",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9678b726-c8d7-488f-aee4-fd8eae0d3193",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.955057Z",
+ "modified": "2024-12-30T00:22:03.955057Z",
+ "name": "CVE-2024-13024",
+ "description": "A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13024"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--96c4ea43-1169-46f8-a0af-1ac18a5f13c7.json b/objects/vulnerability/vulnerability--96c4ea43-1169-46f8-a0af-1ac18a5f13c7.json
new file mode 100644
index 00000000000..f0f31109ab2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--96c4ea43-1169-46f8-a0af-1ac18a5f13c7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--352dbb44-f407-4744-a91f-71092304d4e2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--96c4ea43-1169-46f8-a0af-1ac18a5f13c7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.459355Z",
+ "modified": "2024-12-30T00:22:03.459355Z",
+ "name": "CVE-2024-56679",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56679"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--97465f86-3e12-4547-a05d-02d7616fa2bd.json b/objects/vulnerability/vulnerability--97465f86-3e12-4547-a05d-02d7616fa2bd.json
new file mode 100644
index 00000000000..367bb6a01a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--97465f86-3e12-4547-a05d-02d7616fa2bd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0d64e94-70e1-4459-abc2-1de85d22388d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--97465f86-3e12-4547-a05d-02d7616fa2bd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.881476Z",
+ "modified": "2024-12-30T00:22:16.881476Z",
+ "name": "CVE-2020-9082",
+ "description": "There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9082"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--98e3d84b-4629-45df-b718-a69b492caf77.json b/objects/vulnerability/vulnerability--98e3d84b-4629-45df-b718-a69b492caf77.json
new file mode 100644
index 00000000000..ef1d4a88bcc
--- /dev/null
+++ b/objects/vulnerability/vulnerability--98e3d84b-4629-45df-b718-a69b492caf77.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d0d016ac-23b2-4ea5-ae73-0cc931d344a9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--98e3d84b-4629-45df-b718-a69b492caf77",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.538216Z",
+ "modified": "2024-12-30T00:22:03.538216Z",
+ "name": "CVE-2024-56621",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Cancel RTC work during ufshcd_remove()\n\nCurrently, RTC work is only cancelled during __ufshcd_wl_suspend(). When\nufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to\nthis, any further trigger of the RTC work after ufshcd_remove() would\nresult in a NULL pointer dereference as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000002a4\nWorkqueue: events ufshcd_rtc_work\nCall trace:\n _raw_spin_lock_irqsave+0x34/0x8c\n pm_runtime_get_if_active+0x24/0xb4\n ufshcd_rtc_work+0x124/0x19c\n process_scheduled_works+0x18c/0x2d8\n worker_thread+0x144/0x280\n kthread+0x11c/0x128\n ret_from_fork+0x10/0x20\n\nSince RTC work accesses the ufshcd internal structures, it should be cancelled\nwhen ufshcd is removed. So do that in ufshcd_remove(), as per the order in\nufshcd_init().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56621"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--993d2e05-e547-47dd-8423-b72174211a0e.json b/objects/vulnerability/vulnerability--993d2e05-e547-47dd-8423-b72174211a0e.json
new file mode 100644
index 00000000000..a2202f21ae5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--993d2e05-e547-47dd-8423-b72174211a0e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1d089290-c0a8-4728-b70a-dc942fd250b0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--993d2e05-e547-47dd-8423-b72174211a0e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.500957Z",
+ "modified": "2024-12-30T00:22:03.500957Z",
+ "name": "CVE-2024-56691",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56691"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--99583bc2-b1a1-4f41-890d-4f572ccc76f3.json b/objects/vulnerability/vulnerability--99583bc2-b1a1-4f41-890d-4f572ccc76f3.json
new file mode 100644
index 00000000000..ae81fad0e7c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--99583bc2-b1a1-4f41-890d-4f572ccc76f3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--00154fc2-2c79-408c-954c-4985fcc94ca3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--99583bc2-b1a1-4f41-890d-4f572ccc76f3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.482669Z",
+ "modified": "2024-12-30T00:22:03.482669Z",
+ "name": "CVE-2024-56685",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Check num_codecs is not zero to avoid panic during probe\n\nFollowing commit 13f58267cda3 (\"ASoC: soc.h: don't create dummy\nComponent via COMP_DUMMY()\"), COMP_DUMMY() became an array with zero\nlength, and only gets populated with the dummy struct after the card is\nregistered. Since the sound card driver's probe happens before the card\nregistration, accessing any of the members of a dummy component during\nprobe will result in undefined behavior.\n\nThis can be observed in the mt8188 and mt8195 machine sound drivers. By\nomitting a dai link subnode in the sound card's node in the Devicetree,\nthe default uninitialized dummy codec is used, and when its dai_name\npointer gets passed to strcmp() it results in a null pointer dereference\nand a kernel panic.\n\nIn addition to that, set_card_codec_info() in the generic helpers file,\nmtk-soundcard-driver.c, will populate a dai link with a dummy codec when\na dai link node is present in DT but with no codec property.\n\nThe result is that at probe time, a dummy codec can either be\nuninitialized with num_codecs = 0, or be an initialized dummy codec,\nwith num_codecs = 1 and dai_name = \"snd-soc-dummy-dai\". 
In order to\naccommodate for both situations, check that num_codecs is not zero\nbefore accessing the codecs' fields but still check for the codec's dai\nname against \"snd-soc-dummy-dai\" as needed.\n\nWhile at it, also drop the check that dai_name is not null in the mt8192\ndriver, introduced in commit 4d4e1b6319e5 (\"ASoC: mediatek: mt8192:\nCheck existence of dai_name before dereferencing\"), as it is actually\nredundant given the preceding num_codecs != 0 check.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56685"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9993ae1e-6ae8-4c81-bca6-d17bd4e3a045.json b/objects/vulnerability/vulnerability--9993ae1e-6ae8-4c81-bca6-d17bd4e3a045.json
new file mode 100644
index 00000000000..b37dfaa91fb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9993ae1e-6ae8-4c81-bca6-d17bd4e3a045.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--518bfdd4-ca47-4e01-a607-82cd3577ed61",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9993ae1e-6ae8-4c81-bca6-d17bd4e3a045",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.441059Z",
+ "modified": "2024-12-30T00:22:02.441059Z",
+ "name": "CVE-2024-53167",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs/blocklayout: Don't attempt unregister for invalid block device\n\nSince commit d869da91cccb (\"nfs/blocklayout: Fix premature PR key\nunregistration\") an unmount of a pNFS SCSI layout-enabled NFS may\ndereference a NULL block_device in:\n\n bl_unregister_scsi+0x16/0xe0 [blocklayoutdriver]\n bl_free_device+0x70/0x80 [blocklayoutdriver]\n bl_free_deviceid_node+0x12/0x30 [blocklayoutdriver]\n nfs4_put_deviceid_node+0x60/0xc0 [nfsv4]\n nfs4_deviceid_purge_client+0x132/0x190 [nfsv4]\n unset_pnfs_layoutdriver+0x59/0x60 [nfsv4]\n nfs4_destroy_server+0x36/0x70 [nfsv4]\n nfs_free_server+0x23/0xe0 [nfs]\n deactivate_locked_super+0x30/0xb0\n cleanup_mnt+0xba/0x150\n task_work_run+0x59/0x90\n syscall_exit_to_user_mode+0x217/0x220\n do_syscall_64+0x8e/0x160\n\nThis happens because even though we were able to create the\nnfs4_deviceid_node, the lookup for the device was unable to attach the\nblock device to the pnfs_block_dev.\n\nIf we never found a block device to register, we can avoid this case with\nthe PNFS_BDEV_REGISTERED flag. Move the deref behind the test for the\nflag.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53167"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9a53af65-241d-4cc0-b5c4-54d78d508c73.json b/objects/vulnerability/vulnerability--9a53af65-241d-4cc0-b5c4-54d78d508c73.json
new file mode 100644
index 00000000000..2810a1676c6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9a53af65-241d-4cc0-b5c4-54d78d508c73.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--294c2180-f9d0-419e-b5f4-b22ab3d80d52",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9a53af65-241d-4cc0-b5c4-54d78d508c73",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.398014Z",
+ "modified": "2024-12-30T00:22:03.398014Z",
+ "name": "CVE-2024-56567",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nad7780: fix division by zero in ad7780_write_raw()\n\nIn the ad7780_write_raw() , val2 can be zero, which might lead to a\ndivision by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw()\nis based on iio_info's write_raw. While val is explicitly declared that\ncan be zero (in read mode), val2 is not specified to be non-zero.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56567"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9ade7a8d-2fe1-42f1-b1b4-b0a48c85d44e.json b/objects/vulnerability/vulnerability--9ade7a8d-2fe1-42f1-b1b4-b0a48c85d44e.json
new file mode 100644
index 00000000000..01cdc7e1008
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9ade7a8d-2fe1-42f1-b1b4-b0a48c85d44e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--db6b72fd-62a2-4df4-a646-1f86ccb7a30f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9ade7a8d-2fe1-42f1-b1b4-b0a48c85d44e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.503072Z",
+ "modified": "2024-12-30T00:22:03.503072Z",
+ "name": "CVE-2024-56647",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Fix icmp host relookup triggering ip_rt_bug\n\narp link failure may trigger ip_rt_bug while xfrm enabled, call trace is:\n\nWARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20\nModules linked in:\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:ip_rt_bug+0x14/0x20\nCall Trace:\n \n ip_send_skb+0x14/0x40\n __icmp_send+0x42d/0x6a0\n ipv4_link_failure+0xe2/0x1d0\n arp_error_report+0x3c/0x50\n neigh_invalidate+0x8d/0x100\n neigh_timer_handler+0x2e1/0x330\n call_timer_fn+0x21/0x120\n __run_timer_base.part.0+0x1c9/0x270\n run_timer_softirq+0x4c/0x80\n handle_softirqs+0xac/0x280\n irq_exit_rcu+0x62/0x80\n sysvec_apic_timer_interrupt+0x77/0x90\n\nThe script below reproduces this scenario:\nip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \\\n\tdir out priority 0 ptype main flag localok icmp\nip l a veth1 type veth\nip a a 192.168.141.111/24 dev veth0\nip l s veth0 up\nping 192.168.141.155 -c 1\n\nicmp_route_lookup() create input routes for locally generated packets\nwhile xfrm relookup ICMP traffic.Then it will set input route\n(dst->out = ip_rt_bug) to skb for DESTUNREACH.\n\nFor ICMP err triggered by locally generated packets, dst->dev of output\nroute is loopback. 
Generally, xfrm relookup verification is not required\non loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1).\n\nSkip icmp relookup for locally generated packets to fix it.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56647"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9c5727d5-a1aa-4245-8148-f049e0a662e0.json b/objects/vulnerability/vulnerability--9c5727d5-a1aa-4245-8148-f049e0a662e0.json
new file mode 100644
index 00000000000..293d7274f55
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9c5727d5-a1aa-4245-8148-f049e0a662e0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a652da77-6b0f-4e32-8239-d93543c26b56",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9c5727d5-a1aa-4245-8148-f049e0a662e0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.479561Z",
+ "modified": "2024-12-30T00:22:03.479561Z",
+ "name": "CVE-2024-56682",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/riscv-aplic: Prevent crash when MSI domain is missing\n\nIf the APLIC driver is probed before the IMSIC driver, the parent MSI\ndomain will be missing, which causes a NULL pointer dereference in\nmsi_create_device_irq_domain().\n\nAvoid this by deferring probe until the parent MSI domain is available. Use\ndev_err_probe() to avoid printing an error message when returning\n-EPROBE_DEFER.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56682"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9cae081b-846f-4ce9-8b65-7ef337a40e49.json b/objects/vulnerability/vulnerability--9cae081b-846f-4ce9-8b65-7ef337a40e49.json
new file mode 100644
index 00000000000..2872e8c8b25
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9cae081b-846f-4ce9-8b65-7ef337a40e49.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--aaa658b7-7573-4be3-a8c6-51fbc1b99138",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9cae081b-846f-4ce9-8b65-7ef337a40e49",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.606582Z",
+ "modified": "2024-12-30T00:22:03.606582Z",
+ "name": "CVE-2024-56713",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: fix nsim_pp_hold_write()\n\nnsim_pp_hold_write() has two problems:\n\n1) It may return with rtnl held, as found by syzbot.\n\n2) Its return value does not propagate an error if any.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56713"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e219eab-224e-46d1-ba60-8870bb240bc7.json b/objects/vulnerability/vulnerability--9e219eab-224e-46d1-ba60-8870bb240bc7.json
new file mode 100644
index 00000000000..72dd630c58b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e219eab-224e-46d1-ba60-8870bb240bc7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d40c602d-019c-4fe9-9707-de6a8c0e4472",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e219eab-224e-46d1-ba60-8870bb240bc7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:01.574992Z",
+ "modified": "2024-12-30T00:22:01.574992Z",
+ "name": "CVE-2024-12977",
+ "description": "A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12977"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e258485-0093-422a-bf89-7de4d83b037b.json b/objects/vulnerability/vulnerability--9e258485-0093-422a-bf89-7de4d83b037b.json
new file mode 100644
index 00000000000..f96b3b95f71
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e258485-0093-422a-bf89-7de4d83b037b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e645f5d3-4c4b-4e80-89e3-6b9326e8ca5c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e258485-0093-422a-bf89-7de4d83b037b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.093024Z",
+ "modified": "2024-12-30T00:22:02.093024Z",
+ "name": "CVE-2024-11842",
+ "description": "The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11842"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e25fb27-6964-49b2-8a18-4468b9ebae48.json b/objects/vulnerability/vulnerability--9e25fb27-6964-49b2-8a18-4468b9ebae48.json
new file mode 100644
index 00000000000..4f8bf563f4a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e25fb27-6964-49b2-8a18-4468b9ebae48.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6d20086a-7a60-49b5-bcb2-5020c446f36a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e25fb27-6964-49b2-8a18-4468b9ebae48",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.582125Z",
+ "modified": "2024-12-30T00:22:03.582125Z",
+ "name": "CVE-2024-56661",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix NULL deref in cleanup_bearer()\n\nsyzbot found [1] that after blamed commit, ub->ubsock->sk\nwas NULL when attempting the atomic_dec() :\n\natomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count);\n\nFix this by caching the tipc_net pointer.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events cleanup_bearer\n RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]\n RIP: 0010:sock_net include/net/sock.h:655 [inline]\n RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820\nCode: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b\nRSP: 0018:ffffc9000410fb70 EFLAGS: 00010206\nRAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00\nRDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900\nRBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20\nR10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980\nR13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918\nFS: 0000000000000000(0000) GS:ffff8880b8600000(0000) 
knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56661"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9e9918b3-65c6-47ee-a376-ca86bda38456.json b/objects/vulnerability/vulnerability--9e9918b3-65c6-47ee-a376-ca86bda38456.json
new file mode 100644
index 00000000000..1cd9ac9c62b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9e9918b3-65c6-47ee-a376-ca86bda38456.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--bbdb97b6-456a-4a27-b5c9-714ecde8e542",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9e9918b3-65c6-47ee-a376-ca86bda38456",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.367197Z",
+ "modified": "2024-12-30T00:22:02.367197Z",
+ "name": "CVE-2024-53227",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Fix use-after-free in bfad_im_module_exit()\n\nBUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20\nRead of size 8 at addr ffff8881082d80c8 by task modprobe/25303\n\nCall Trace:\n \n dump_stack_lvl+0x95/0xe0\n print_report+0xcb/0x620\n kasan_report+0xbd/0xf0\n __lock_acquire+0x2aca/0x3a20\n lock_acquire+0x19b/0x520\n _raw_spin_lock+0x2b/0x40\n attribute_container_unregister+0x30/0x160\n fc_release_transport+0x19/0x90 [scsi_transport_fc]\n bfad_im_module_exit+0x23/0x60 [bfa]\n bfad_init+0xdb/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \n\nAllocated by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n fc_attach_transport+0x4f/0x4740 [scsi_transport_fc]\n bfad_im_module_init+0x17/0x80 [bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 25303:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x38/0x50\n kfree+0x212/0x480\n bfad_im_module_init+0x7e/0x80 
[bfa]\n bfad_init+0x23/0xff0 [bfa]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAbove issue happens as follows:\n\nbfad_init\n error = bfad_im_module_init()\n fc_release_transport(bfad_im_scsi_transport_template);\n if (error)\n goto ext;\n\next:\n bfad_im_module_exit();\n fc_release_transport(bfad_im_scsi_transport_template);\n --> Trigger double release\n\nDon't call bfad_im_module_exit() if bfad_im_module_init() failed.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53227"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a08eb277-1a57-474e-86a9-b715a0429cf8.json b/objects/vulnerability/vulnerability--a08eb277-1a57-474e-86a9-b715a0429cf8.json
new file mode 100644
index 00000000000..7530408baa9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a08eb277-1a57-474e-86a9-b715a0429cf8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--65fc5278-81c9-4a19-bd5c-b19d4b328282",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a08eb277-1a57-474e-86a9-b715a0429cf8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.382455Z",
+ "modified": "2024-12-30T00:22:02.382455Z",
+ "name": "CVE-2024-53170",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix uaf for flush rq while iterating tags\n\nblk_mq_clear_flush_rq_mapping() is not called during scsi probe, by\nchecking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared\nin del_gendisk by commit aec89dc5d421 (\"block: keep q_usage_counter in\natomic mode after del_gendisk\"), hence for disk like scsi, following\nblk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well,\ncause following uaf that is found by our syzkaller for v6.6:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261\nRead of size 4 at addr ffff88811c969c20 by task kworker/1:2H/224909\n\nCPU: 1 PID: 224909 Comm: kworker/1:2H Not tainted 6.6.0-ga836a5060850 #32\nWorkqueue: kblockd blk_mq_timeout_work\nCall Trace:\n\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106\nprint_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364\nprint_report+0x3e/0x70 mm/kasan/report.c:475\nkasan_report+0xb8/0xf0 mm/kasan/report.c:588\nblk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261\nbt_iter block/blk-mq-tag.c:288 [inline]\n__sbitmap_for_each_set include/linux/sbitmap.h:295 [inline]\nsbitmap_for_each_set include/linux/sbitmap.h:316 [inline]\nbt_for_each+0x455/0x790 block/blk-mq-tag.c:325\nblk_mq_queue_tag_busy_iter+0x320/0x740 block/blk-mq-tag.c:534\nblk_mq_timeout_work+0x1a3/0x7b0 
block/blk-mq.c:1673\nprocess_one_work+0x7c4/0x1450 kernel/workqueue.c:2631\nprocess_scheduled_works kernel/workqueue.c:2704 [inline]\nworker_thread+0x804/0xe40 kernel/workqueue.c:2785\nkthread+0x346/0x450 kernel/kthread.c:388\nret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:293\n\nAllocated by task 942:\nkasan_save_stack+0x22/0x50 mm/kasan/common.c:45\nkasan_set_track+0x25/0x30 mm/kasan/common.c:52\n____kasan_kmalloc mm/kasan/common.c:374 [inline]\n__kasan_kmalloc mm/kasan/common.c:383 [inline]\n__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:380\nkasan_kmalloc include/linux/kasan.h:198 [inline]\n__do_kmalloc_node mm/slab_common.c:1007 [inline]\n__kmalloc_node+0x69/0x170 mm/slab_common.c:1014\nkmalloc_node include/linux/slab.h:620 [inline]\nkzalloc_node include/linux/slab.h:732 [inline]\nblk_alloc_flush_queue+0x144/0x2f0 block/blk-flush.c:499\nblk_mq_alloc_hctx+0x601/0x940 block/blk-mq.c:3788\nblk_mq_alloc_and_init_hctx+0x27f/0x330 block/blk-mq.c:4261\nblk_mq_realloc_hw_ctxs+0x488/0x5e0 block/blk-mq.c:4294\nblk_mq_init_allocated_queue+0x188/0x860 block/blk-mq.c:4350\nblk_mq_init_queue_data block/blk-mq.c:4166 [inline]\nblk_mq_init_queue+0x8d/0x100 block/blk-mq.c:4176\nscsi_alloc_sdev+0x843/0xd50 drivers/scsi/scsi_scan.c:335\nscsi_probe_and_add_lun+0x77c/0xde0 drivers/scsi/scsi_scan.c:1189\n__scsi_scan_target+0x1fc/0x5a0 drivers/scsi/scsi_scan.c:1727\nscsi_scan_channel drivers/scsi/scsi_scan.c:1815 [inline]\nscsi_scan_channel+0x14b/0x1e0 drivers/scsi/scsi_scan.c:1791\nscsi_scan_host_selected+0x2fe/0x400 drivers/scsi/scsi_scan.c:1844\nscsi_scan+0x3a0/0x3f0 drivers/scsi/scsi_sysfs.c:151\nstore_scan+0x2a/0x60 drivers/scsi/scsi_sysfs.c:191\ndev_attr_store+0x5c/0x90 drivers/base/core.c:2388\nsysfs_kf_write+0x11c/0x170 fs/sysfs/file.c:136\nkernfs_fop_write_iter+0x3fc/0x610 fs/kernfs/file.c:338\ncall_write_iter include/linux/fs.h:2083 [inline]\nnew_sync_write+0x1b4/0x2d0 fs/read_write.c:493\nvfs_write+0x76c/0xb00 
fs/read_write.c:586\nksys_write+0x127/0x250 fs/read_write.c:639\ndo_syscall_x64 arch/x86/entry/common.c:51 [inline]\ndo_syscall_64+0x70/0x120 arch/x86/entry/common.c:81\nentry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nFreed by task 244687:\nkasan_save_stack+0x22/0x50 mm/kasan/common.c:45\nkasan_set_track+0x25/0x30 mm/kasan/common.c:52\nkasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:522\n____kasan_slab_free mm/kasan/common.c:236 [inline]\n__kasan_slab_free+0x12a/0x1b0 mm/kasan/common.c:244\nkasan_slab_free include/linux/kasan.h:164 [in\n---truncated---",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53170"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a0f043f8-e7f1-455a-acf8-4431966ce29b.json b/objects/vulnerability/vulnerability--a0f043f8-e7f1-455a-acf8-4431966ce29b.json
new file mode 100644
index 00000000000..5210f0cfa94
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a0f043f8-e7f1-455a-acf8-4431966ce29b.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b663fce-285c-4302-887c-bb9f20f042cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0f043f8-e7f1-455a-acf8-4431966ce29b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.460846Z", + "modified": "2024-12-30T00:22:02.460846Z", + "name": "CVE-2024-53177", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: prevent use-after-free due to open_cached_dir error paths\n\nIf open_cached_dir() encounters an error parsing the lease from the\nserver, the error handling may race with receiving a lease break,\nresulting in open_cached_dir() freeing the cfid while the queued work is\npending.\n\nUpdate open_cached_dir() to drop refs rather than directly freeing the\ncfid.\n\nHave cached_dir_lease_break(), cfids_laundromat_worker(), and\ninvalidate_all_cached_dirs() clear has_lease immediately while still\nholding cfids->cfid_list_lock, and then use this to also simplify the\nreference counting in cfids_laundromat_worker() and\ninvalidate_all_cached_dirs().\n\nFixes this KASAN splat (which manually injects an error and lease break\nin open_cached_dir()):\n\n==================================================================\nBUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0\nRead of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65\n\nCPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87\nHardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nWorkqueue: cifsiod smb2_cached_lease_break\nCall Trace:\n \n dump_stack_lvl+0x77/0xb0\n print_report+0xce/0x660\n kasan_report+0xd3/0x110\n smb2_cached_lease_break+0x27/0xb0\n process_one_work+0x50a/0xc50\n worker_thread+0x2ba/0x530\n kthread+0x17c/0x1c0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0xaa/0xb0\n open_cached_dir+0xa7d/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 2464:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x51/0x70\n kfree+0x174/0x520\n open_cached_dir+0x97f/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x33/0x60\n __kasan_record_aux_stack+0xad/0xc0\n insert_work+0x32/0x100\n __queue_work+0x5c9/0x870\n queue_work_on+0x82/0x90\n open_cached_dir+0x1369/0x1fb0\n smb2_query_path_info+0x43c/0x6e0\n cifs_get_fattr+0x346/0xf10\n cifs_get_inode_info+0x157/0x210\n cifs_revalidate_dentry_attr+0x2d1/0x460\n cifs_getattr+0x173/0x470\n vfs_statx_path+0x10f/0x160\n vfs_statx+0xe9/0x150\n vfs_fstatat+0x5e/0xc0\n __do_sys_newfstatat+0x91/0xf0\n do_syscall_64+0x95/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe buggy 
address belongs to the object at ffff88811cc24c00\n which belongs to the cache kmalloc-1k of size 1024\nThe buggy address is located 16 bytes inside of\n freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a263c86c-a16b-4108-8155-f0cc4b0e31bf.json b/objects/vulnerability/vulnerability--a263c86c-a16b-4108-8155-f0cc4b0e31bf.json new file mode 100644 index 00000000000..a03fb2a9f4b --- /dev/null +++ b/objects/vulnerability/vulnerability--a263c86c-a16b-4108-8155-f0cc4b0e31bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36763889-0c51-4110-9d68-6e26df11c3a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a263c86c-a16b-4108-8155-f0cc4b0e31bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.543533Z", + "modified": "2024-12-30T00:22:03.543533Z", + "name": "CVE-2024-56651", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: hi3110_can_ist(): fix potential use-after-free\n\nThe commit a22bd630cfff (\"can: hi311x: do not report txerr and rxerr\nduring bus-off\") removed the reporting of rxerr and txerr even in case\nof correct operation (i. e. not bus-off).\n\nThe error count information added to the CAN frame after netif_rx() is\na potential use after free, since there is no guarantee that the skb\nis in the same state. It might be freed or reused.\n\nFix the issue by postponing the netif_rx() call in case of txerr and\nrxerr reporting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56651" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--a2722ad8-d8d3-4751-adc7-942b88ac9e5f.json b/objects/vulnerability/vulnerability--a2722ad8-d8d3-4751-adc7-942b88ac9e5f.json
new file mode 100644
index 00000000000..30302a03ba3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a2722ad8-d8d3-4751-adc7-942b88ac9e5f.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65f2a6ef-5533-41c3-a85b-dfd7eeacbaf8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2722ad8-d8d3-4751-adc7-942b88ac9e5f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.451636Z", + "modified": "2024-12-30T00:22:02.451636Z", + "name": "CVE-2024-53222", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nzram: fix NULL pointer in comp_algorithm_show()\n\nLTP reported a NULL pointer dereference as followed:\n\n CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3\n Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __pi_strcmp+0x24/0x140\n lr : zcomp_available_show+0x60/0x100 [zram]\n sp : ffff800088b93b90\n x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0\n x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000\n x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900\n x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280\n x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000\n x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c\n x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000\n Call trace:\n __pi_strcmp+0x24/0x140\n comp_algorithm_show+0x40/0x70 [zram]\n dev_attr_show+0x28/0x80\n sysfs_kf_seq_show+0x90/0x140\n kernfs_seq_show+0x34/0x48\n seq_read_iter+0x1d4/0x4e8\n kernfs_fop_read_iter+0x40/0x58\n new_sync_read+0x9c/0x168\n vfs_read+0x1a8/0x1f8\n ksys_read+0x74/0x108\n __arm64_sys_read+0x24/0x38\n invoke_syscall+0x50/0x120\n el0_svc_common.constprop.0+0xc8/0xf0\n 
do_el0_svc+0x24/0x38\n el0_svc+0x38/0x138\n el0t_64_sync_handler+0xc0/0xc8\n el0t_64_sync+0x188/0x190\n\nThe zram->comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if\ncomp_algorithm_set() has not been called. User can access the zram device\nby sysfs after device_add_disk(), so there is a time window to trigger the\nNULL pointer dereference. Move it ahead device_add_disk() to make sure\nwhen user can access the zram device, it is ready. comp_algorithm_set()\nis protected by zram->init_lock in other places and no such problem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53222" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a28fa603-fd0d-4e18-b68c-b6b7ca594daa.json b/objects/vulnerability/vulnerability--a28fa603-fd0d-4e18-b68c-b6b7ca594daa.json new file mode 100644 index 00000000000..a291b377139 --- /dev/null +++ b/objects/vulnerability/vulnerability--a28fa603-fd0d-4e18-b68c-b6b7ca594daa.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--504006ba-3221-4e58-91c8-8e187acc8560",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a28fa603-fd0d-4e18-b68c-b6b7ca594daa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.570567Z",
+ "modified": "2024-12-30T00:22:03.570567Z",
+ "name": "CVE-2024-56620",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: qcom: Only free platform MSIs when ESI is enabled\n\nOtherwise, it will result in a NULL pointer dereference as below:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000008\nCall trace:\n mutex_lock+0xc/0x54\n platform_device_msi_free_irqs_all+0x14/0x20\n ufs_qcom_remove+0x34/0x48 [ufs_qcom]\n platform_remove+0x28/0x44\n device_remove+0x4c/0x80\n device_release_driver_internal+0xd8/0x178\n driver_detach+0x50/0x9c\n bus_remove_driver+0x6c/0xbc\n driver_unregister+0x30/0x60\n platform_driver_unregister+0x14/0x20\n ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom]\n __arm64_sys_delete_module+0x180/0x260\n invoke_syscall+0x44/0x100\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xdc\n el0t_64_sync_handler+0xc0/0xc4\n el0t_64_sync+0x190/0x194",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56620"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a3392796-6a2b-4b10-8596-b781dc6c3681.json b/objects/vulnerability/vulnerability--a3392796-6a2b-4b10-8596-b781dc6c3681.json
new file mode 100644
index 00000000000..1e0f233da63
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a3392796-6a2b-4b10-8596-b781dc6c3681.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--424bda08-27be-4809-a63d-6c0bfb002086",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a3392796-6a2b-4b10-8596-b781dc6c3681",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.566712Z",
+ "modified": "2024-12-30T00:22:03.566712Z",
+ "name": "CVE-2024-56705",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: Add check for rgby_data memory allocation failure\n\nIn ia_css_3a_statistics_allocate(), there is no check on the allocation\nresult of the rgby_data memory. If rgby_data is not successfully\nallocated, it may trigger the assert(host_stats->rgby_data) assertion in\nia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56705"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a3fcf538-fffe-4515-b965-3ad56441af8a.json b/objects/vulnerability/vulnerability--a3fcf538-fffe-4515-b965-3ad56441af8a.json
new file mode 100644
index 00000000000..0abf3f0de0f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a3fcf538-fffe-4515-b965-3ad56441af8a.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa764af8-b49f-4d44-bf99-c3070fdb2b34", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3fcf538-fffe-4515-b965-3ad56441af8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.458838Z", + "modified": "2024-12-30T00:22:02.458838Z", + "name": "CVE-2024-53219", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: use pages instead of pointer for kernel direct IO\n\nWhen trying to insert a 10MB kernel module kept in a virtio-fs with cache\ndisabled, the following warning was reported:\n\n ------------[ cut here ]------------\n WARNING: CPU: 1 PID: 404 at mm/page_alloc.c:4551 ......\n Modules linked in:\n CPU: 1 PID: 404 Comm: insmod Not tainted 6.9.0-rc5+ #123\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:__alloc_pages+0x2bf/0x380\n ......\n Call Trace:\n \n ? __warn+0x8e/0x150\n ? __alloc_pages+0x2bf/0x380\n __kmalloc_large_node+0x86/0x160\n __kmalloc+0x33c/0x480\n virtio_fs_enqueue_req+0x240/0x6d0\n virtio_fs_wake_pending_and_unlock+0x7f/0x190\n queue_request_and_unlock+0x55/0x60\n fuse_simple_request+0x152/0x2b0\n fuse_direct_io+0x5d2/0x8c0\n fuse_file_read_iter+0x121/0x160\n __kernel_read+0x151/0x2d0\n kernel_read+0x45/0x50\n kernel_read_file+0x1a9/0x2a0\n init_module_from_file+0x6a/0xe0\n idempotent_init_module+0x175/0x230\n __x64_sys_finit_module+0x5d/0xb0\n x64_sys_call+0x1c3/0x9e0\n do_syscall_64+0x3d/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n ......\n \n ---[ end trace 0000000000000000 ]---\n\nThe warning is triggered as follows:\n\n1) syscall finit_module() handles the module insertion and it invokes\nkernel_read_file() to read the content of the module first.\n\n2) kernel_read_file() allocates a 10MB buffer by using vmalloc() and\npasses it to kernel_read(). 
kernel_read() constructs a kvec iter by\nusing iov_iter_kvec() and passes it to fuse_file_read_iter().\n\n3) virtio-fs disables the cache, so fuse_file_read_iter() invokes\nfuse_direct_io(). As for now, the maximal read size for kvec iter is\nonly limited by fc->max_read. For virtio-fs, max_read is UINT_MAX, so\nfuse_direct_io() doesn't split the 10MB buffer. It saves the address and\nthe size of the 10MB-sized buffer in out_args[0] of a fuse request and\npasses the fuse request to virtio_fs_wake_pending_and_unlock().\n\n4) virtio_fs_wake_pending_and_unlock() uses virtio_fs_enqueue_req() to\nqueue the request. Because virtiofs need DMA-able address, so\nvirtio_fs_enqueue_req() uses kmalloc() to allocate a bounce buffer for\nall fuse args, copies these args into the bounce buffer and passed the\nphysical address of the bounce buffer to virtiofsd. The total length of\nthese fuse args for the passed fuse request is about 10MB, so\ncopy_args_to_argbuf() invokes kmalloc() with a 10MB size parameter and\nit triggers the warning in __alloc_pages():\n\n\tif (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp))\n\t\treturn NULL;\n\n5) virtio_fs_enqueue_req() will retry the memory allocation in a\nkworker, but it won't help, because kmalloc() will always return NULL\ndue to the abnormal size and finit_module() will hang forever.\n\nA feasible solution is to limit the value of max_read for virtio-fs, so\nthe length passed to kmalloc() will be limited. However it will affect\nthe maximal read size for normal read. And for virtio-fs write initiated\nfrom kernel, it has the similar problem but now there is no way to limit\nfc->max_write in kernel.\n\nSo instead of limiting both the values of max_read and max_write in\nkernel, introducing use_pages_for_kvec_io in fuse_conn and setting it as\ntrue in virtiofs. 
When use_pages_for_kvec_io is enabled, fuse will use\npages instead of pointer to pass the KVEC_IO data.\n\nAfter switching to pages for KVEC_IO data, these pages will be used for\nDMA through virtio-fs. If these pages are backed by vmalloc(),\n{flush|invalidate}_kernel_vmap_range() are necessary to flush or\ninvalidate the cache before the DMA operation. So add two new fields in\nfuse_args_pages to record the base address of vmalloc area and the\ncondition indicating whether invalidation is needed. Perform the flush\nin fuse_get_user_pages() for write operations and the invalidation in\nfuse_release_user_pages() for read operations.\n\nIt may seem necessary to introduce another fie\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53219" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4a9d5d5-4b68-4295-b81d-7a29bdbd768b.json b/objects/vulnerability/vulnerability--a4a9d5d5-4b68-4295-b81d-7a29bdbd768b.json new file mode 100644 index 00000000000..6e7aa4fb6ec --- /dev/null +++ b/objects/vulnerability/vulnerability--a4a9d5d5-4b68-4295-b81d-7a29bdbd768b.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--37d53b36-4353-48bf-ba39-670573e411a3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a4a9d5d5-4b68-4295-b81d-7a29bdbd768b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.588457Z",
+ "modified": "2024-12-30T00:22:03.588457Z",
+ "name": "CVE-2024-56721",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU/AMD: Terminate the erratum_1386_microcode array\n\nThe erratum_1386_microcode array requires an empty entry at the end.\nOtherwise x86_match_cpu_with_stepping() will continue iterate the array after\nit ended.\n\nAdd an empty entry to erratum_1386_microcode to its end.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56721"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a6336cb8-6e22-412b-b10a-60dbf11e1c61.json b/objects/vulnerability/vulnerability--a6336cb8-6e22-412b-b10a-60dbf11e1c61.json
new file mode 100644
index 00000000000..ae6adf04b90
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a6336cb8-6e22-412b-b10a-60dbf11e1c61.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--79af93e7-4b54-4d3d-8c8a-f7a3d085c64d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a6336cb8-6e22-412b-b10a-60dbf11e1c61",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.487358Z",
+ "modified": "2024-12-30T00:22:03.487358Z",
+ "name": "CVE-2024-56540",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Prevent recovery invocation during probe and resume\n\nRefactor IPC send and receive functions to allow correct\nhandling of operations that should not trigger a recovery process.\n\nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3\nentry, DCT initialization, and HWS initialization functions.\nThese functions have been modified to return error codes gracefully,\nrather than initiating recovery.\n\nThe updated functions are invoked within ivpu_probe() and ivpu_resume(),\nensuring that any errors encountered during these stages result in a proper\nteardown or shutdown sequence. The previous approach of triggering recovery\nwithin these functions could lead to a race condition, potentially causing\nundefined behavior and kernel crashes due to null pointer dereferences.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56540"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a6ec55b2-b5dd-42c2-94ec-5b2285877f33.json b/objects/vulnerability/vulnerability--a6ec55b2-b5dd-42c2-94ec-5b2285877f33.json
new file mode 100644
index 00000000000..f907c4b7b7b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a6ec55b2-b5dd-42c2-94ec-5b2285877f33.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--56179b70-7cb1-47d7-8215-b9ed6c31c508",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a6ec55b2-b5dd-42c2-94ec-5b2285877f33",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:18.029939Z",
+ "modified": "2024-12-30T00:22:18.029939Z",
+ "name": "CVE-2020-1823",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1823"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a81c4c49-7b9e-4d37-b4a8-f9499a877a8c.json b/objects/vulnerability/vulnerability--a81c4c49-7b9e-4d37-b4a8-f9499a877a8c.json
new file mode 100644
index 00000000000..d9285024cd9
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a81c4c49-7b9e-4d37-b4a8-f9499a877a8c.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16d90e88-2332-4669-bedf-f50672133f93", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a81c4c49-7b9e-4d37-b4a8-f9499a877a8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.448193Z", + "modified": "2024-12-30T00:22:02.448193Z", + "name": "CVE-2024-53229", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix the qp flush warnings in req\n\nWhen the qp is in error state, the status of WQEs in the queue should be\nset to error. Or else the following will appear.\n\n[ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe]\n[ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6\n[ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65\n[ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe]\n[ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff <0f> 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24\n[ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246\n[ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008\n[ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac\n[ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450\n[ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800\n[ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000\n[ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) 
knlGS:0000000000000000\n[ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0\n[ 920.623680] Call Trace:\n[ 920.623815] \n[ 920.623933] ? __warn+0x79/0xc0\n[ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe]\n[ 920.624356] ? report_bug+0xfb/0x150\n[ 920.624594] ? handle_bug+0x3c/0x60\n[ 920.624796] ? exc_invalid_op+0x14/0x70\n[ 920.624976] ? asm_exc_invalid_op+0x16/0x20\n[ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe]\n[ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe]\n[ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe]\n[ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe]\n[ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe]\n[ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe]\n[ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe]\n[ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe]\n[ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120\n[ 920.627522] handle_softirqs+0xc2/0x250\n[ 920.627728] ? sort_range+0x20/0x20\n[ 920.627942] run_ksoftirqd+0x1f/0x30\n[ 920.628158] smpboot_thread_fn+0xc7/0x1b0\n[ 920.628334] kthread+0xd6/0x100\n[ 920.628504] ? kthread_complete_and_exit+0x20/0x20\n[ 920.628709] ret_from_fork+0x1f/0x30\n[ 920.628892] ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53229" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8ab9d80-79d1-4c65-ba73-e303568a6311.json b/objects/vulnerability/vulnerability--a8ab9d80-79d1-4c65-ba73-e303568a6311.json new file mode 100644 index 00000000000..347c256cb1d --- /dev/null +++ b/objects/vulnerability/vulnerability--a8ab9d80-79d1-4c65-ba73-e303568a6311.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--844d7083-1807-4374-ac3c-88caa259cca0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8ab9d80-79d1-4c65-ba73-e303568a6311", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.565536Z", + "modified": "2024-12-30T00:22:03.565536Z", + "name": "CVE-2024-56613", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: fix memory leak due to the overwritten vma->numab_state\n\n[Problem Description]\nWhen running the hackbench program of LTP, the following memory leak is\nreported by kmemleak.\n\n # /opt/ltp/testcases/bin/hackbench 20 thread 1000\n Running with 20*40 (== 800) tasks.\n\n # dmesg | grep kmemleak\n ...\n kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n kmemleak: 665 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\n\n # cat /sys/kernel/debug/kmemleak\n unreferenced object 0xffff888cd8ca2c40 (size 64):\n comm \"hackbench\", pid 17142, jiffies 4299780315\n hex dump (first 32 bytes):\n ac 74 49 00 01 00 00 00 4c 84 49 00 01 00 00 00 .tI.....L.I.....\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc bff18fd4):\n [] __kmalloc_cache_noprof+0x2f9/0x3f0\n [] task_numa_work+0x725/0xa00\n [] task_work_run+0x58/0x90\n [] syscall_exit_to_user_mode+0x1c8/0x1e0\n [] do_syscall_64+0x85/0x150\n [] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ...\n\nThis issue can be consistently reproduced on three different servers:\n * a 448-core server\n * a 256-core server\n * a 192-core server\n\n[Root Cause]\nSince multiple threads are created by the hackbench program (along with\nthe command argument 'thread'), a shared vma might be accessed by two or\nmore cores simultaneously. 
When two or more cores observe that\nvma->numab_state is NULL at the same time, vma->numab_state will be\noverwritten.\n\nAlthough current code ensures that only one thread scans the VMAs in a\nsingle 'numa_scan_period', there might be a chance for another thread\nto enter in the next 'numa_scan_period' while we have not gotten till\nnumab_state allocation [1].\n\nNote that the command `/opt/ltp/testcases/bin/hackbench 50 process 1000`\ncannot the reproduce the issue. It is verified with 200+ test runs.\n\n[Solution]\nUse the cmpxchg atomic operation to ensure that only one thread executes\nthe vma->numab_state assignment.\n\n[1] https://lore.kernel.org/lkml/1794be3c-358c-4cdc-a43d-a1f841d91ef7@amd.com/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56613" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9032918-b62c-43fe-a0df-d6c84782f0cc.json b/objects/vulnerability/vulnerability--a9032918-b62c-43fe-a0df-d6c84782f0cc.json new file mode 100644 index 00000000000..def5d0aa7a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--a9032918-b62c-43fe-a0df-d6c84782f0cc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e6a73c9-85ac-4a1e-b557-5908c242cea7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a9032918-b62c-43fe-a0df-d6c84782f0cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.600103Z", + "modified": "2024-12-30T00:22:03.600103Z", + "name": "CVE-2024-56659", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: lapb: increase LAPB_HEADER_LEN\n\nIt is unclear if net/lapb code is supposed to be ready for 8021q.\n\nWe can at least avoid crashes like the following :\n\nskbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 1 UID: 0 PID: 5508 Comm: dhcpcd Not tainted 6.12.0-rc7-syzkaller-00144-g66418447d27b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0d 8d 48 c7 c6 2e 9e 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 1a 6f 37 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc90002ddf638 EFLAGS: 00010282\nRAX: 0000000000000086 RBX: dffffc0000000000 RCX: 7a24750e538ff600\nRDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000\nRBP: ffff888034a86650 R08: ffffffff8174b13c R09: 1ffff920005bbe60\nR10: dffffc0000000000 R11: fffff520005bbe61 R12: 0000000000000140\nR13: ffff88802824a400 R14: ffff88802824a3fe R15: 0000000000000016\nFS: 00007f2a5990d740(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000110c2631fd CR3: 0000000029504000 CR4: 
00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n skb_push+0xe5/0x100 net/core/skbuff.c:2636\n nr_header+0x36/0x320 net/netrom/nr_dev.c:69\n dev_hard_header include/linux/netdevice.h:3148 [inline]\n vlan_dev_hard_header+0x359/0x480 net/8021q/vlan_dev.c:83\n dev_hard_header include/linux/netdevice.h:3148 [inline]\n lapbeth_data_transmit+0x1f6/0x2a0 drivers/net/wan/lapbether.c:257\n lapb_data_transmit+0x91/0xb0 net/lapb/lapb_iface.c:447\n lapb_transmit_buffer+0x168/0x1f0 net/lapb/lapb_out.c:149\n lapb_establish_data_link+0x84/0xd0\n lapb_device_event+0x4e0/0x670\n notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93\n __dev_notify_flags+0x207/0x400\n dev_change_flags+0xf0/0x1a0 net/core/dev.c:8922\n devinet_ioctl+0xa4e/0x1aa0 net/ipv4/devinet.c:1188\n inet_ioctl+0x3d7/0x4f0 net/ipv4/af_inet.c:1003\n sock_do_ioctl+0x158/0x460 net/socket.c:1227\n sock_ioctl+0x626/0x8e0 net/socket.c:1346\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a9426c44-8a78-4f8b-933d-e2e4ddf8ddbe.json b/objects/vulnerability/vulnerability--a9426c44-8a78-4f8b-933d-e2e4ddf8ddbe.json new file mode 100644 index 00000000000..0de66c39a6a --- /dev/null +++ b/objects/vulnerability/vulnerability--a9426c44-8a78-4f8b-933d-e2e4ddf8ddbe.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--96fee446-35b8-48f0-a821-61065821337c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a9426c44-8a78-4f8b-933d-e2e4ddf8ddbe",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.434896Z",
+ "modified": "2024-12-30T00:22:02.434896Z",
+ "name": "CVE-2024-53165",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: intc: Fix use-after-free bug in register_intc_controller()\n\nIn the error handling for this function, d is freed without ever\nremoving it from intc_list which would lead to a use after free.\nTo fix this, let's only add it to the list after everything has\nsucceeded.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53165"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ae7c7855-d166-495c-a816-ea285b1a439b.json b/objects/vulnerability/vulnerability--ae7c7855-d166-495c-a816-ea285b1a439b.json
new file mode 100644
index 00000000000..971e55b704d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ae7c7855-d166-495c-a816-ea285b1a439b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7da39c83-66da-436c-b5a2-56f38d4be34d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ae7c7855-d166-495c-a816-ea285b1a439b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:11.963817Z",
+ "modified": "2024-12-30T00:22:11.963817Z",
+ "name": "CVE-2023-7266",
+ "description": "Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605)\nThis vulnerability has been assigned a (CVE)ID:CVE-2023-7266",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2023-7266"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af872378-8208-4241-be3e-5171ca4bac57.json b/objects/vulnerability/vulnerability--af872378-8208-4241-be3e-5171ca4bac57.json
new file mode 100644
index 00000000000..b066dc0cc9b
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af872378-8208-4241-be3e-5171ca4bac57.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6f5d85af-caaf-41d4-93ce-2497c26c902d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af872378-8208-4241-be3e-5171ca4bac57",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.390955Z",
+ "modified": "2024-12-30T00:22:03.390955Z",
+ "name": "CVE-2024-56660",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, prevent potential error pointer dereference\n\nThe dr_domain_add_vport_cap() function generally returns NULL on error\nbut sometimes we want it to return ERR_PTR(-EBUSY) so the caller can\nretry. The problem here is that \"ret\" can be either -EBUSY or -ENOMEM\nand if it's and -ENOMEM then the error pointer is propogated back and\neventually dereferenced in dr_ste_v0_build_src_gvmi_qpn_tag().",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56660"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--af99d5ad-cb00-4c66-9b2c-397c1e97d5a2.json b/objects/vulnerability/vulnerability--af99d5ad-cb00-4c66-9b2c-397c1e97d5a2.json
new file mode 100644
index 00000000000..95a72842639
--- /dev/null
+++ b/objects/vulnerability/vulnerability--af99d5ad-cb00-4c66-9b2c-397c1e97d5a2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ed10d76-2325-4504-b9ba-ede45366323e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--af99d5ad-cb00-4c66-9b2c-397c1e97d5a2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.516928Z",
+ "modified": "2024-12-30T00:22:03.516928Z",
+ "name": "CVE-2024-56697",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()\n\nFix two issues with memory allocation in amdgpu_discovery_get_nps_info()\nfor mem_ranges:\n\n - Add a check for allocation failure to avoid dereferencing a null\n pointer.\n\n - As suggested by Christophe, use kvcalloc() for memory allocation,\n which checks for multiplication overflow.\n\nAdditionally, assign the output parameters nps_type and range_cnt after\nthe kvcalloc() call to prevent modifying the output parameters in case\nof an error return.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56697"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b0bf08b7-b60b-447f-af88-d583fbbba80e.json b/objects/vulnerability/vulnerability--b0bf08b7-b60b-447f-af88-d583fbbba80e.json
new file mode 100644
index 00000000000..49006234720
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b0bf08b7-b60b-447f-af88-d583fbbba80e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--882d7d25-95d3-4419-ae8b-c85c1dbe3daf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b0bf08b7-b60b-447f-af88-d583fbbba80e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.597356Z",
+ "modified": "2024-12-30T00:22:03.597356Z",
+ "name": "CVE-2024-56662",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl\n\nFix an issue detected by syzbot with KASAN:\n\nBUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/\ncore.c:416 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0\ndrivers/acpi/nfit/core.c:459\n\nThe issue occurs in cmd_to_func when the call_pkg->nd_reserved2\narray is accessed without verifying that call_pkg points to a buffer\nthat is appropriately sized as a struct nd_cmd_pkg. This can lead\nto out-of-bounds access and undefined behavior if the buffer does not\nhave sufficient space.\n\nTo address this, a check was added in acpi_nfit_ctl() to ensure that\nbuf is not NULL and that buf_len is less than sizeof(*call_pkg)\nbefore accessing it. This ensures safe access to the members of\ncall_pkg, including the nd_reserved2 array.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56662"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1043f08-ccc3-4cf9-a795-4b9678e2573d.json b/objects/vulnerability/vulnerability--b1043f08-ccc3-4cf9-a795-4b9678e2573d.json
new file mode 100644
index 00000000000..a4e70d41376
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1043f08-ccc3-4cf9-a795-4b9678e2573d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--40b49041-a4bf-4d25-8fa4-0ba4aeed9249",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b1043f08-ccc3-4cf9-a795-4b9678e2573d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:16.854213Z",
+ "modified": "2024-12-30T00:22:16.854213Z",
+ "name": "CVE-2020-9089",
+ "description": "There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-9089"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b144aff3-b69a-4f39-94fd-e9590f59cc64.json b/objects/vulnerability/vulnerability--b144aff3-b69a-4f39-94fd-e9590f59cc64.json
new file mode 100644
index 00000000000..958b5e6cb43
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b144aff3-b69a-4f39-94fd-e9590f59cc64.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2f57db7e-b3ee-40f0-8a3e-c6b8786e3ac2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b144aff3-b69a-4f39-94fd-e9590f59cc64",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:17.990086Z",
+ "modified": "2024-12-30T00:22:17.990086Z",
+ "name": "CVE-2020-1820",
+ "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2020-1820"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b1480676-4d9c-47a0-955d-a3c9364e1a47.json b/objects/vulnerability/vulnerability--b1480676-4d9c-47a0-955d-a3c9364e1a47.json
new file mode 100644
index 00000000000..f2519f4c871
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b1480676-4d9c-47a0-955d-a3c9364e1a47.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70c61125-ce25-416f-9d9d-7a69eb556ff9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1480676-4d9c-47a0-955d-a3c9364e1a47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.532368Z", + "modified": "2024-12-30T00:22:03.532368Z", + "name": "CVE-2024-56644", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/ipv6: release expired exception dst cached in socket\n\nDst objects get leaked in ip6_negative_advice() when this function is\nexecuted for an expired IPv6 route located in the exception table. There\nare several conditions that must be fulfilled for the leak to occur:\n* an ICMPv6 packet indicating a change of the MTU for the path is received,\n resulting in an exception dst being created\n* a TCP connection that uses the exception dst for routing packets must\n start timing out so that TCP begins retransmissions\n* after the exception dst expires, the FIB6 garbage collector must not run\n before TCP executes ip6_negative_advice() for the expired exception dst\n\nWhen TCP executes ip6_negative_advice() for an exception dst that has\nexpired and if no other socket holds a reference to the exception dst, the\nrefcount of the exception dst is 2, which corresponds to the increment\nmade by dst_init() and the increment made by the TCP socket for which the\nconnection is timing out. The refcount made by the socket is never\nreleased. The refcount of the dst is decremented in sk_dst_reset() but\nthat decrement is counteracted by a dst_hold() intentionally placed just\nbefore the sk_dst_reset() in ip6_negative_advice(). After\nip6_negative_advice() has finished, there is no other object tied to the\ndst. The socket lost its reference stored in sk_dst_cache and the dst is\nno longer in the exception table. 
The exception dst becomes a leaked\nobject.\n\nAs a result of this dst leak, an unbalanced refcount is reported for the\nloopback device of a net namespace being destroyed under kernels that do\nnot contain e5f80fcf869a (\"ipv6: give an IPv6 dev to blackhole_netdev\"):\nunregister_netdevice: waiting for lo to become free. Usage count = 2\n\nFix the dst leak by removing the dst_hold() in ip6_negative_advice(). The\npatch that introduced the dst_hold() in ip6_negative_advice() was\n92f1655aa2b22 (\"net: fix __dst_negative_advice() race\"). But 92f1655aa2b22\nmerely refactored the code with regards to the dst refcount so the issue\nwas present even before 92f1655aa2b22. The bug was introduced in\n54c1a859efd9f (\"ipv6: Don't drop cache route entry unless timer actually\nexpired.\") where the expired cached route is deleted and the sk_dst_cache\nmember of the socket is set to NULL by calling dst_negative_advice() but\nthe refcount belonging to the socket is left unbalanced.\n\nThe IPv4 version - ipv4_negative_advice() - is not affected by this bug.\nWhen the TCP connection times out ipv4_negative_advice() merely resets the\nsk_dst_cache of the socket while decrementing the refcount of the\nexception dst.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1fc5f84-9d76-438b-b014-a12679c1ff03.json b/objects/vulnerability/vulnerability--b1fc5f84-9d76-438b-b014-a12679c1ff03.json new file mode 100644 index 00000000000..8bf893f2087 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1fc5f84-9d76-438b-b014-a12679c1ff03.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7948c2db-7720-4c65-b866-cf9cef0b563e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b1fc5f84-9d76-438b-b014-a12679c1ff03",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.398124Z",
+ "modified": "2024-12-30T00:22:02.398124Z",
+ "name": "CVE-2024-53234",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle NONHEAD !delta[1] lclusters gracefully\n\nsyzbot reported a WARNING in iomap_iter_done:\n iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80\n ioctl_fiemap fs/ioctl.c:220 [inline]\n\nGenerally, NONHEAD lclusters won't have delta[1]==0, except for crafted\nimages and filesystems created by pre-1.0 mkfs versions.\n\nPreviously, it would immediately bail out if delta[1]==0, which led to\ninadequate decompressed lengths (thus FIEMAP is impacted). Treat it as\ndelta[1]=1 to work around these legacy mkfs versions.\n\n`lclusterbits > 14` is illegal for compact indexes, error out too.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53234"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b4662e3f-db96-4a03-8ff5-6ca4bd6bf48a.json b/objects/vulnerability/vulnerability--b4662e3f-db96-4a03-8ff5-6ca4bd6bf48a.json
new file mode 100644
index 00000000000..4ee7643b137
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b4662e3f-db96-4a03-8ff5-6ca4bd6bf48a.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf7279d9-7270-48a3-9672-8528099d8a16", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4662e3f-db96-4a03-8ff5-6ca4bd6bf48a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.549691Z", + "modified": "2024-12-30T00:22:03.549691Z", + "name": "CVE-2024-56629", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: wacom: fix when get product name maybe null pointer\n\nDue to incorrect dev->product reporting by certain devices, null\npointer dereferences occur when dev->product is empty, leading to\npotential system crashes.\n\nThis issue was found on EXCELSIOR DL37-D05 device with\nLoongson-LS3A6000-7A2000-DL37 motherboard.\n\nKernel logs:\n[ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci\n[ 56.671638] usb 4-3: string descriptor 0 read error: -22\n[ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07\n[ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3\n[ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0\n[ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80\n[ 56.697732] Oops[#1]:\n[ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015\n[ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024\n[ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0\n[ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000\n[ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000\n[ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 
0000000000000005\n[ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000\n[ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028\n[ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000\n[ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000\n[ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom]\n[ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120\n[ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE)\n[ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n[ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 56.697835] BADV: 0000000000000000\n[ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)\n[ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit\n[ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3)\n[ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000\n[ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000\n[ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0\n[ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c\n[ 56.697911] 90000001000ba000 ffff800004f9ce58 
0000000000000000 ffff800005470440\n[ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0\n[ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c\n[ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000\n[ 56.697931] 90000001000bb8d0 \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b52b0005-87ba-4bf4-a1d9-d33866964732.json b/objects/vulnerability/vulnerability--b52b0005-87ba-4bf4-a1d9-d33866964732.json new file mode 100644 index 00000000000..50ff3dde797 --- /dev/null +++ b/objects/vulnerability/vulnerability--b52b0005-87ba-4bf4-a1d9-d33866964732.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3da3a63-504a-4761-9924-05af56aeceaa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b52b0005-87ba-4bf4-a1d9-d33866964732", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.603238Z", + "modified": "2024-12-30T00:22:03.603238Z", + "name": "CVE-2024-56648", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: avoid potential out-of-bound access in fill_frame_info()\n\nsyzbot is able to feed a packet with 14 bytes, pretending\nit is a vlan one.\n\nSince fill_frame_info() is relying on skb->mac_len already,\nextend the check to cover this case.\n\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n fill_frame_info net/hsr/hsr_forward.c:709 [inline]\n hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724\n hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235\n __netdev_start_xmit include/linux/netdevice.h:5002 [inline]\n netdev_start_xmit include/linux/netdevice.h:5011 [inline]\n xmit_one net/core/dev.c:3590 [inline]\n dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606\n __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434\n dev_queue_xmit include/linux/netdevice.h:3168 [inline]\n packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3146 [inline]\n packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n 
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4091 [inline]\n slab_alloc_node mm/slub.c:4134 [inline]\n kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587\n __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678\n alloc_skb include/linux/skbuff.h:1323 [inline]\n alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612\n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881\n packet_alloc_skb net/packet/af_packet.c:2995 [inline]\n packet_snd net/packet/af_packet.c:3089 [inline]\n packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x30f/0x380 net/socket.c:726\n __sys_sendto+0x594/0x750 net/socket.c:2197\n __do_sys_sendto net/socket.c:2204 [inline]\n __se_sys_sendto net/socket.c:2200 [inline]\n __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200\n x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b59bccc2-bb00-46b4-a37f-609e9f0f588a.json b/objects/vulnerability/vulnerability--b59bccc2-bb00-46b4-a37f-609e9f0f588a.json new file mode 100644 index 00000000000..fac6ddb5aa0 --- /dev/null +++ b/objects/vulnerability/vulnerability--b59bccc2-bb00-46b4-a37f-609e9f0f588a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--857cc2f1-9bfe-41bc-85b0-95cbca07741c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b59bccc2-bb00-46b4-a37f-609e9f0f588a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.454169Z", + "modified": "2024-12-30T00:22:03.454169Z", + "name": "CVE-2024-56589", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: hisi_sas: Add cond_resched() for no forced preemption model\n\nFor no forced preemption model kernel, in the scenario where the\nexpander is connected to 12 high performance SAS SSDs, the following\ncall trace may occur:\n\n[ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]\n[ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 214.575224][ C240] pc : fput_many+0x8c/0xdc\n[ 214.579480][ C240] lr : fput+0x1c/0xf0\n[ 214.583302][ C240] sp : ffff80002de2b900\n[ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000\n[ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000\n[ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000\n[ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001\n[ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000\n[ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000\n[ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0\n[ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff\n[ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c\n[ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0\n[ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001\n[ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080\n[ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554\n[ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020\n[ 214.671198][ C240] x1 : 
0000000000000021 x0 : ffff3062a41ae5b8\n[ 214.677191][ C240] Call trace:\n[ 214.680320][ C240] fput_many+0x8c/0xdc\n[ 214.684230][ C240] fput+0x1c/0xf0\n[ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc\n[ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140\n[ 214.696917][ C240] bio_endio+0x160/0x1bc\n[ 214.701001][ C240] blk_update_request+0x1c8/0x3bc\n[ 214.705867][ C240] scsi_end_request+0x3c/0x1f0\n[ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0\n[ 214.715249][ C240] scsi_finish_command+0x104/0x140\n[ 214.720200][ C240] scsi_softirq_done+0x90/0x180\n[ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70\n[ 214.730016][ C240] scsi_mq_done+0x48/0xac\n[ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas]\n[ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]\n[ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]\n[ 214.752179][ C240] irq_thread_fn+0x34/0xa4\n[ 214.756435][ C240] irq_thread+0xc4/0x130\n[ 214.760520][ C240] kthread+0x108/0x13c\n[ 214.764430][ C240] ret_from_fork+0x10/0x18\n\nThis is because in the hisi_sas driver, both the hardware interrupt\nhandler and the interrupt thread are executed on the same CPU. In the\nperformance test scenario, function irq_wait_for_interrupt() will always\nreturn 0 if lots of interrupts occurs and the CPU will be continuously\nconsumed. As a result, the CPU cannot run the watchdog thread. When the\nwatchdog time exceeds the specified time, call trace occurs.\n\nTo fix it, add cond_resched() to execute the watchdog thread.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56589" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b698c403-fee4-4521-b5f7-cf77343edd34.json b/objects/vulnerability/vulnerability--b698c403-fee4-4521-b5f7-cf77343edd34.json new file mode 100644 index 00000000000..4b563c3904f --- /dev/null +++ b/objects/vulnerability/vulnerability--b698c403-fee4-4521-b5f7-cf77343edd34.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--492bb3cd-c754-4db4-89a5-7d5d1648a6c1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b698c403-fee4-4521-b5f7-cf77343edd34",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.557465Z",
+ "modified": "2024-12-30T00:22:03.557465Z",
+ "name": "CVE-2024-56624",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix out_fput in iommufd_fault_alloc()\n\nAs fput() calls the file->f_op->release op, where fault obj and ictx are\ngetting released, there is no need to release these two after fput() one\nmore time, which would result in imbalanced refcounts:\n refcount_t: decrement hit 0; leaking memory.\n WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230\n Call trace:\n refcount_warn_saturate+0x60/0x230 (P)\n refcount_warn_saturate+0x60/0x230 (L)\n iommufd_fault_fops_release+0x9c/0xe0 [iommufd]\n ...\n VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd])\n WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0\n Call trace:\n filp_flush+0x3c/0xf0 (P)\n filp_flush+0x3c/0xf0 (L)\n __arm64_sys_close+0x34/0x98\n ...\n imbalanced put on file reference count\n WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138\n Call trace:\n __file_ref_put+0x100/0x138 (P)\n __file_ref_put+0x100/0x138 (L)\n __fput_sync+0x4c/0xd0\n\nDrop those two lines to fix the warnings above.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56624"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b7bc00d5-6561-44c5-a06d-0d8d75a8e168.json b/objects/vulnerability/vulnerability--b7bc00d5-6561-44c5-a06d-0d8d75a8e168.json
new file mode 100644
index 00000000000..f693fb40482
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b7bc00d5-6561-44c5-a06d-0d8d75a8e168.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--248ce526-f8d2-4518-885b-7285223c18d9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b7bc00d5-6561-44c5-a06d-0d8d75a8e168",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:02.364664Z",
+ "modified": "2024-12-30T00:22:02.364664Z",
+ "name": "CVE-2024-53217",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Prevent NULL dereference in nfsd4_process_cb_update()\n\n@ses is initialized to NULL. If __nfsd4_find_backchannel() finds no\navailable backchannel session, setup_callback_client() will try to\ndereference @ses and segfault.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-53217"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b7c3b941-8924-4970-b4d4-efe213e40954.json b/objects/vulnerability/vulnerability--b7c3b941-8924-4970-b4d4-efe213e40954.json
new file mode 100644
index 00000000000..e3067a945f5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b7c3b941-8924-4970-b4d4-efe213e40954.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--77630e5c-d442-4a8f-bb7b-12d34c0794e9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b7c3b941-8924-4970-b4d4-efe213e40954",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.529525Z",
+ "modified": "2024-12-30T00:22:03.529525Z",
+ "name": "CVE-2024-56737",
+ "description": "GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56737"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b83a5893-34aa-4113-8b14-4b20b3e9ddfe.json b/objects/vulnerability/vulnerability--b83a5893-34aa-4113-8b14-4b20b3e9ddfe.json
new file mode 100644
index 00000000000..2f2e8ddcaae
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b83a5893-34aa-4113-8b14-4b20b3e9ddfe.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ad82396-ec4b-4936-b168-0e993e03c87b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b83a5893-34aa-4113-8b14-4b20b3e9ddfe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.61481Z", + "modified": "2024-12-30T00:22:03.61481Z", + "name": "CVE-2024-56594", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: set the right AMDGPU sg segment limitation\n\nThe driver needs to set the correct max_segment_size;\notherwise debug_dma_map_sg() will complain about the\nover-mapping of the AMDGPU sg length as following:\n\nWARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370\n[ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd\n[ 364.049532] ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm 
efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii\n[ 364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G OE 6.10.0-custom #492\n[ 364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021\n[ 364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370\n[ 364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff <0f> 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05\n[ 364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286\n[ 364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027\n[ 364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680\n[ 364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930\n[ 364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000\n[ 364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800\n[ 364.049599] FS: 00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000\n[ 364.049601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0\n[ 364.049605] Call Trace:\n[ 364.049607] \n[ 364.049609] ? show_regs+0x6d/0x80\n[ 364.049614] ? __warn+0x8c/0x140\n[ 364.049618] ? debug_dma_map_sg+0x2dc/0x370\n[ 364.049621] ? report_bug+0x193/0x1a0\n[ 364.049627] ? handle_bug+0x46/0x80\n[ 364.049631] ? exc_invalid_op+0x1d/0x80\n[ 364.049635] ? asm_exc_invalid_op+0x1f/0x30\n[ 364.049642] ? debug_dma_map_sg+0x2dc/0x370\n[ 364.049647] __dma_map_sg_attrs+0x90/0xe0\n[ 364.049651] dma_map_sgtable+0x25/0x40\n[ 364.049654] amdgpu_bo_move+0x59a/0x850 [amdgpu]\n[ 364.049935] ? srso_return_thunk+0x5/0x5f\n[ 364.049939] ? 
amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu]\n[ 364.050095] ttm_bo_handle_move_mem+0xc3/0x180 [ttm]\n[ 364.050103] ttm_bo_validate+0xc1/0x160 [ttm]\n[ 364.050108] ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu]\n[ 364.050263] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu]\n[ 364.050473] kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu]\n[ 364.050680] kfd_ioctl+0x3c2/0x530 [amdgpu]\n[ 364.050866] ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu]\n[ 364.05105\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56594" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b87d3a79-9b40-42fe-89c3-aa0038e658e1.json b/objects/vulnerability/vulnerability--b87d3a79-9b40-42fe-89c3-aa0038e658e1.json new file mode 100644 index 00000000000..8a29c34b4cb --- /dev/null +++ b/objects/vulnerability/vulnerability--b87d3a79-9b40-42fe-89c3-aa0038e658e1.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--26e56ac8-c182-499e-aea1-a6c7094561d3",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b87d3a79-9b40-42fe-89c3-aa0038e658e1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.581093Z",
+ "modified": "2024-12-30T00:22:03.581093Z",
+ "name": "CVE-2024-56512",
+ "description": "Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups.\n\nCreating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group.\n\nCreating a new Process Group can also include referencing existing Controller Services or Parameter Providers. The framework did not check user authorization for referenced Controller Services or Parameter Providers, enabling clients to create Process Groups and use these components that were otherwise unauthorized.\n\nThis vulnerability is limited in scope to authenticated users authorized to create Process Groups. The scope is further limited to deployments with component-based authorization policies. Upgrading to Apache NiFi 2.1.0 is the recommended mitigation, which includes authorization checking for Parameter and Controller Service references on Process Group creation.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56512"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b9e7ee5d-a64d-49c8-8c15-e7d67755f7ed.json b/objects/vulnerability/vulnerability--b9e7ee5d-a64d-49c8-8c15-e7d67755f7ed.json
new file mode 100644
index 00000000000..a156f69000d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b9e7ee5d-a64d-49c8-8c15-e7d67755f7ed.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a726c802-b4e7-4c66-af28-05e80ef57d6e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9e7ee5d-a64d-49c8-8c15-e7d67755f7ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.484178Z", + "modified": "2024-12-30T00:22:02.484178Z", + "name": "CVE-2024-53193", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider\n\nSome heap space is allocated for the flexible structure `struct\nclk_hw_onecell_data` and its flexible-array member `hws` through\nthe composite structure `struct loongson2_clk_provider` in function\n`loongson2_clk_probe()`, as shown below:\n\n289 struct loongson2_clk_provider *clp;\n\t...\n296 for (p = data; p->name; p++)\n297 clks_num++;\n298\n299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num),\n300 GFP_KERNEL);\n\nThen some data is written into the flexible array:\n\n350 clp->clk_data.hws[p->id] = hw;\n\nThis corrupts `clk_lock`, which is the spinlock variable immediately\nfollowing the `clk_data` member in `struct loongson2_clk_provider`:\n\nstruct loongson2_clk_provider {\n\tvoid __iomem *base;\n\tstruct device *dev;\n\tstruct clk_hw_onecell_data clk_data;\n\tspinlock_t clk_lock;\t/* protect access to DIV registers */\n};\n\nThe problem is that the flexible structure is currently placed in the\nmiddle of `struct loongson2_clk_provider` instead of at the end.\n\nFix this by moving `struct clk_hw_onecell_data clk_data;` to the end of\n`struct loongson2_clk_provider`. 
Also, add a code comment to help\nprevent this from happening again in case new members are added to the\nstructure in the future.\n\nThis change also fixes the following -Wflex-array-member-not-at-end\nwarning:\n\ndrivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53193" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba0a4e11-59e4-47fc-93ac-67d7deb8ce35.json b/objects/vulnerability/vulnerability--ba0a4e11-59e4-47fc-93ac-67d7deb8ce35.json new file mode 100644 index 00000000000..2e71fc7266c --- /dev/null +++ b/objects/vulnerability/vulnerability--ba0a4e11-59e4-47fc-93ac-67d7deb8ce35.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--95695046-874d-4c2a-82c3-b88a513c11bd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba0a4e11-59e4-47fc-93ac-67d7deb8ce35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.46414Z", + "modified": "2024-12-30T00:22:02.46414Z", + "name": "CVE-2024-53182", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()\"\n\nThis reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de.\n\nThe bic is associated with sync_bfqq, and bfq_release_process_ref cannot\nbe put into bfq_put_cooperator.\n\nkasan report:\n[ 400.347277] ==================================================================\n[ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230\n[ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800\n[ 400.347430]\n[ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32\n[ 400.347450] Tainted: [E]=UNSIGNED_MODULE\n[ 400.347454] Hardware name: VMware, Inc. 
VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022\n[ 400.347460] Call Trace:\n[ 400.347464] \n[ 400.347468] dump_stack_lvl+0x5d/0x80\n[ 400.347490] print_report+0x174/0x505\n[ 400.347521] kasan_report+0xe0/0x160\n[ 400.347541] bic_set_bfqq+0x200/0x230\n[ 400.347549] bfq_bic_update_cgroup+0x419/0x740\n[ 400.347560] bfq_bio_merge+0x133/0x320\n[ 400.347584] blk_mq_submit_bio+0x1761/0x1e20\n[ 400.347625] __submit_bio+0x28b/0x7b0\n[ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30\n[ 400.347690] iomap_readahead+0x50c/0x680\n[ 400.347731] read_pages+0x17f/0x9c0\n[ 400.347785] page_cache_ra_unbounded+0x366/0x4a0\n[ 400.347795] filemap_fault+0x83d/0x2340\n[ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs]\n[ 400.349256] __do_fault+0xf1/0x610\n[ 400.349270] do_fault+0x977/0x11a0\n[ 400.349281] __handle_mm_fault+0x5d1/0x850\n[ 400.349314] handle_mm_fault+0x1f8/0x560\n[ 400.349324] do_user_addr_fault+0x324/0x970\n[ 400.349337] exc_page_fault+0x76/0xf0\n[ 400.349350] asm_exc_page_fault+0x26/0x30\n[ 400.349360] RIP: 0033:0x55a480d77375\n[ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80\n[ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216\n[ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000\n[ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000\n[ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80\n[ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008\n[ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000\n[ 400.349430] \n[ 400.349452]\n[ 400.349454] Allocated by task 5800:\n[ 400.349459] kasan_save_stack+0x30/0x50\n[ 400.349469] kasan_save_track+0x14/0x30\n[ 400.349475] __kasan_slab_alloc+0x89/0x90\n[ 400.349482] 
kmem_cache_alloc_node_noprof+0xdc/0x2a0\n[ 400.349492] bfq_get_queue+0x1ef/0x1100\n[ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510\n[ 400.349511] bfq_insert_requests+0xf55/0x9030\n[ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0\n[ 400.349527] __blk_flush_plug+0x27c/0x4e0\n[ 400.349534] blk_finish_plug+0x52/0xa0\n[ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs]\n[ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs]\n[ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs]\n[ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs]\n[ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs]\n[ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs]\n[ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs]\n[ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs]\n[ 400.355197] __lookup_slow+0x19c/0x340\n[ 400.355204] lookup_one_unlocked+0xfc/0x120\n[ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay]\n[ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay]\n[ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay]\n[ 400.355351] lookup_one_qstr_excl+0xef/0x150\n[ 400.355357] do_unlinkat+0x22a/0x620\n[ 400.355366] __x64_sys_unlinkat+0x109/0x1e0\n[ 400.355375] do_syscall_64+0x82/0x160\n[ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53182" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba0b6e76-58da-449b-94fc-e6fedbf019f7.json b/objects/vulnerability/vulnerability--ba0b6e76-58da-449b-94fc-e6fedbf019f7.json new file mode 100644 index 00000000000..0c6f347cf5b --- /dev/null +++ b/objects/vulnerability/vulnerability--ba0b6e76-58da-449b-94fc-e6fedbf019f7.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--05ae2ea1-adbe-4868-b912-a07660d8e0f4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ba0b6e76-58da-449b-94fc-e6fedbf019f7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2024-12-30T00:22:03.394401Z",
+ "modified": "2024-12-30T00:22:03.394401Z",
+ "name": "CVE-2024-56690",
+ "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56690"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bc1982ee-458e-4341-a46b-5c2e137d937d.json b/objects/vulnerability/vulnerability--bc1982ee-458e-4341-a46b-5c2e137d937d.json
new file mode 100644
index 00000000000..755cc64b456
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bc1982ee-458e-4341-a46b-5c2e137d937d.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4437bcf7-5008-4b9b-b681-910fc29e5af0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc1982ee-458e-4341-a46b-5c2e137d937d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.527434Z", + "modified": "2024-12-30T00:22:03.527434Z", + "name": "CVE-2024-56718", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: protect link down work from execute after lgr freed\n\nlink down work may be scheduled before lgr freed but execute\nafter lgr freed, which may result in crash. So it is need to\nhold a reference before shedule link down work, and put the\nreference after work executed or canceled.\n\nThe relevant crash call stack as follows:\n list_del corruption. prev->next should be ffffb638c9c0fe20,\n but was 0000000000000000\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:51!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1\n Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014\n Workqueue: events smc_link_down_work [smc]\n RIP: 0010:__list_del_entry_valid.cold+0x31/0x47\n RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086\n RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000\n RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80\n RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38\n R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002\n R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0\n FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400\n PKRU: 55555554\n Call Trace:\n rwsem_down_write_slowpath+0x17e/0x470\n smc_link_down_work+0x3c/0x60 [smc]\n process_one_work+0x1ac/0x350\n worker_thread+0x49/0x2f0\n ? rescuer_thread+0x360/0x360\n kthread+0x118/0x140\n ? __kthread_bind_mask+0x60/0x60\n ret_from_fork+0x1f/0x30", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56718" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be165f02-f1c7-40c5-ac81-0bc32fdace64.json b/objects/vulnerability/vulnerability--be165f02-f1c7-40c5-ac81-0bc32fdace64.json new file mode 100644 index 00000000000..3a258d14f49 --- /dev/null +++ b/objects/vulnerability/vulnerability--be165f02-f1c7-40c5-ac81-0bc32fdace64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e817d483-f994-41d8-9d28-a615d8322136", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be165f02-f1c7-40c5-ac81-0bc32fdace64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.56299Z", + "modified": "2024-12-30T00:22:01.56299Z", + "name": "CVE-2024-12856", + "description": "The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12856" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c0c85790-d6a2-4e84-b8a8-676ec9e83e82.json b/objects/vulnerability/vulnerability--c0c85790-d6a2-4e84-b8a8-676ec9e83e82.json
new file mode 100644
index 00000000000..6ed5296e8cd
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c0c85790-d6a2-4e84-b8a8-676ec9e83e82.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16e87f57-1f75-47bd-af77-ae4c320189b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0c85790-d6a2-4e84-b8a8-676ec9e83e82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.505294Z", + "modified": "2024-12-30T00:22:03.505294Z", + "name": "CVE-2024-56566", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: Avoid list corruption when removing a slab from the full list\n\nBoot with slub_debug=UFPZ.\n\nIf allocated object failed in alloc_consistency_checks, all objects of\nthe slab will be marked as used, and then the slab will be removed from\nthe partial list.\n\nWhen an object belonging to the slab got freed later, the remove_full()\nfunction is called. Because the slab is neither on the partial list nor\non the full list, it eventually lead to a list corruption (actually a\nlist poison being detected).\n\nSo we need to mark and isolate the slab page with metadata corruption,\ndo not put it back in circulation.\n\nBecause the debug caches avoid all the fastpaths, reusing the frozen bit\nto mark slab page with metadata corruption seems to be fine.\n\n[ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100)\n[ 4277.387023] ------------[ cut here ]------------\n[ 4277.387880] kernel BUG at lib/list_debug.c:56!\n[ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1\n[ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs]\n[ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91\n[ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082\n[ 4277.398202] RAX: 000000000000004e RBX: 
ffffea00044b3e50 RCX: 0000000000000000\n[ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff\n[ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0\n[ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910\n[ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0\n[ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000\n[ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0\n[ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4277.410000] PKRU: 55555554\n[ 4277.410645] Call Trace:\n[ 4277.411234] \n[ 4277.411777] ? die+0x32/0x80\n[ 4277.412439] ? do_trap+0xd6/0x100\n[ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.414158] ? do_error_trap+0x6a/0x90\n[ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.415915] ? exc_invalid_op+0x4c/0x60\n[ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.417675] ? asm_exc_invalid_op+0x16/0x20\n[ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0\n[ 4277.420410] free_to_partial_list+0x515/0x5e0\n[ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs]\n[ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs]\n[ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs]\n[ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs]\n[ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs]\n[ 4277.428567] xfs_inactive+0x22d/0x290 [xfs]\n[ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs]\n[ 4277.430479] process_one_work+0x171/0x340\n[ 4277.431227] worker_thread+0x277/0x390\n[ 4277.431962] ? 
__pfx_worker_thread+0x10/0x10\n[ 4277.432752] kthread+0xf0/0x120\n[ 4277.433382] ? __pfx_kthread+0x10/0x10\n[ 4277.434134] ret_from_fork+0x2d/0x50\n[ 4277.434837] ? __pfx_kthread+0x10/0x10\n[ 4277.435566] ret_from_fork_asm+0x1b/0x30\n[ 4277.436280] ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56566" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2449a04-0803-4b46-817c-1c851deffbfc.json b/objects/vulnerability/vulnerability--c2449a04-0803-4b46-817c-1c851deffbfc.json new file mode 100644 index 00000000000..81fa49aa8f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2449a04-0803-4b46-817c-1c851deffbfc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61baf35f-4414-461b-9b0d-d3b79950b426", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2449a04-0803-4b46-817c-1c851deffbfc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.40027Z", + "modified": "2024-12-30T00:22:03.40027Z", + "name": "CVE-2024-56672", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Fix UAF in blkcg_unpin_online()\n\nblkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To\nwalk up, it uses blkcg_parent(blkcg) but it was calling that after\nblkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the\nfollowing UAF:\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270\n Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117\n\n CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022\n Workqueue: cgwb_release cgwb_release_workfn\n Call Trace:\n \n dump_stack_lvl+0x27/0x80\n print_report+0x151/0x710\n kasan_report+0xc0/0x100\n blkcg_unpin_online+0x15a/0x270\n cgwb_release_workfn+0x194/0x480\n process_scheduled_works+0x71b/0xe20\n worker_thread+0x82a/0xbd0\n kthread+0x242/0x2c0\n ret_from_fork+0x33/0x70\n ret_from_fork_asm+0x1a/0x30\n \n ...\n Freed by task 1944:\n kasan_save_track+0x2b/0x70\n kasan_save_free_info+0x3c/0x50\n __kasan_slab_free+0x33/0x50\n kfree+0x10c/0x330\n css_free_rwork_fn+0xe6/0xb30\n process_scheduled_works+0x71b/0xe20\n worker_thread+0x82a/0xbd0\n kthread+0x242/0x2c0\n ret_from_fork+0x33/0x70\n ret_from_fork_asm+0x1a/0x30\n\nNote that the UAF is not easy to trigger as the free path is indirected\nbehind a couple RCU grace periods and a work item execution. 
I could only\ntrigger it with artifical msleep() injected in blkcg_unpin_online().\n\nFix it by reading the parent pointer before destroying the blkcg's blkg's.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56672" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2cbe279-f379-4ff8-9575-dbc28c1cb1a0.json b/objects/vulnerability/vulnerability--c2cbe279-f379-4ff8-9575-dbc28c1cb1a0.json new file mode 100644 index 00000000000..f1b61acb765 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2cbe279-f379-4ff8-9575-dbc28c1cb1a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb9f1868-1be8-4eb6-805d-77a9c49ff102", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2cbe279-f379-4ff8-9575-dbc28c1cb1a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.426909Z", + "modified": "2024-12-30T00:22:03.426909Z", + "name": "CVE-2024-56547", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix missed RCU barrier on deoffloading\n\nCurrently, running rcutorture test with torture_type=rcu fwd_progress=8\nn_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60\ntest_boost=2, will trigger the following warning:\n\n\tWARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0\n\tRIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0\n\t Call Trace:\n\t \n\t ? __warn+0x7e/0x120\n\t ? rcu_nocb_rdp_deoffload+0x292/0x2a0\n\t ? report_bug+0x18e/0x1a0\n\t ? handle_bug+0x3d/0x70\n\t ? exc_invalid_op+0x18/0x70\n\t ? asm_exc_invalid_op+0x1a/0x20\n\t ? rcu_nocb_rdp_deoffload+0x292/0x2a0\n\t rcu_nocb_cpu_deoffload+0x70/0xa0\n\t rcu_nocb_toggle+0x136/0x1c0\n\t ? __pfx_rcu_nocb_toggle+0x10/0x10\n\t kthread+0xd1/0x100\n\t ? __pfx_kthread+0x10/0x10\n\t ret_from_fork+0x2f/0x50\n\t ? 
__pfx_kthread+0x10/0x10\n\t ret_from_fork_asm+0x1a/0x30\n\t \n\nCPU0 CPU2 CPU3\n//rcu_nocb_toggle //nocb_cb_wait //rcutorture\n\n// deoffload CPU1 // process CPU1's rdp\nrcu_barrier()\n rcu_segcblist_entrain()\n rcu_segcblist_add_len(1);\n // len == 2\n // enqueue barrier\n // callback to CPU1's\n // rdp->cblist\n rcu_do_batch()\n // invoke CPU1's rdp->cblist\n // callback\n rcu_barrier_callback()\n rcu_barrier()\n mutex_lock(&rcu_state.barrier_mutex);\n // still see len == 2\n // enqueue barrier callback\n // to CPU1's rdp->cblist\n rcu_segcblist_entrain()\n rcu_segcblist_add_len(1);\n // len == 3\n // decrement len\n rcu_segcblist_add_len(-2);\n kthread_parkme()\n\n// CPU1's rdp->cblist len == 1\n// Warn because there is\n// still a pending barrier\n// trigger warning\nWARN_ON_ONCE(rcu_segcblist_n_cbs(&rdp->cblist));\ncpus_read_unlock();\n\n // wait CPU1 to comes online and\n // invoke barrier callback on\n // CPU1 rdp's->cblist\n wait_for_completion(&rcu_state.barrier_completion);\n// deoffload CPU4\ncpus_read_lock()\n rcu_barrier()\n mutex_lock(&rcu_state.barrier_mutex);\n // block on barrier_mutex\n // wait rcu_barrier() on\n // CPU3 to unlock barrier_mutex\n // but CPU3 unlock barrier_mutex\n // need to wait CPU1 comes online\n // when CPU1 going online will block on cpus_write_lock\n\nThe above scenario will not only trigger a WARN_ON_ONCE(), but also\ntrigger a deadlock.\n\nThanks to nocb locking, a second racing rcu_barrier() on an offline CPU\nwill either observe the decremented callback counter down to 0 and spare\nthe callback enqueue, or rcuo will observe the new callback and keep\nrdp->nocb_cb_sleep to false.\n\nTherefore check rdp->nocb_cb_sleep before parking to make sure no\nfurther rcu_barrier() is waiting on the rdp.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56547" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c37471b8-8801-4412-80a7-6c72acf42078.json b/objects/vulnerability/vulnerability--c37471b8-8801-4412-80a7-6c72acf42078.json
new file mode 100644
index 00000000000..623781f2b6e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c37471b8-8801-4412-80a7-6c72acf42078.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76c40674-5d43-494c-832f-f87264eb4102", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c37471b8-8801-4412-80a7-6c72acf42078", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.552895Z", + "modified": "2024-12-30T00:22:03.552895Z", + "name": "CVE-2024-56633", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg->sg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret < 0), we may\n miss uncharging (msg->sg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg->sg.size;\n416 if (psock->apply_bytes && psock->apply_bytes < tosend)\n417 tosend = psock->apply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg->sg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg->sg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret < 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU 
Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret < 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg->sg.size - apply_bytes) bytes. 
The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3b4ea6b-8993-4f16-9058-1836b6a33020.json b/objects/vulnerability/vulnerability--c3b4ea6b-8993-4f16-9058-1836b6a33020.json new file mode 100644 index 00000000000..62702335963 --- /dev/null +++ b/objects/vulnerability/vulnerability--c3b4ea6b-8993-4f16-9058-1836b6a33020.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66614510-565c-4898-affc-226fb5fae8c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3b4ea6b-8993-4f16-9058-1836b6a33020", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.483222Z", + "modified": "2024-12-30T00:22:02.483222Z", + "name": "CVE-2024-53186", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in SMB request handling\n\nA race condition exists between SMB request handling in\n`ksmbd_conn_handler_loop()` and the freeing of `ksmbd_conn` in the\nworkqueue handler `handle_ksmbd_work()`. This leads to a UAF.\n- KASAN: slab-use-after-free Read in handle_ksmbd_work\n- KASAN: slab-use-after-free in rtlock_slowlock_locked\n\nThis race condition arises as follows:\n- `ksmbd_conn_handler_loop()` waits for `conn->r_count` to reach zero:\n `wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0);`\n- Meanwhile, `handle_ksmbd_work()` decrements `conn->r_count` using\n `atomic_dec_return(&conn->r_count)`, and if it reaches zero, calls\n `ksmbd_conn_free()`, which frees `conn`.\n- However, after `handle_ksmbd_work()` decrements `conn->r_count`,\n it may still access `conn->r_count_q` in the following line:\n `waitqueue_active(&conn->r_count_q)` or `wake_up(&conn->r_count_q)`\n This results in a UAF, as `conn` has already been freed.\n\nThe discovery of this UAF can be referenced in the following PR for\nsyzkaller's support for SMB requests.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53186" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4036217-c5dd-4cce-99b1-5c7e80e197c6.json b/objects/vulnerability/vulnerability--c4036217-c5dd-4cce-99b1-5c7e80e197c6.json new file mode 100644 index 00000000000..949b276407b --- /dev/null 
+++ b/objects/vulnerability/vulnerability--c4036217-c5dd-4cce-99b1-5c7e80e197c6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7d3fc1b-6b5c-4f07-8314-70e84664e228", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4036217-c5dd-4cce-99b1-5c7e80e197c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.458279Z", + "modified": "2024-12-30T00:22:03.458279Z", + "name": "CVE-2024-56607", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()\n\nWhen I try to manually set bitrates:\n\niw wlan0 set bitrates legacy-2.4 1\n\nI get sleeping from invalid context error, see below. Fix that by switching to\nuse recently introduced ieee80211_iterate_stations_mtx().\n\nDo note that WCN6855 firmware is still crashing, I'm not sure if that firmware\neven supports bitrate WMI commands and should we consider disabling\nath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch.\n\nBUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420\nin_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw\npreempt_count: 0, expected: 0\nRCU nest depth: 1, expected: 0\n3 locks held by iw/2236:\n #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40\n #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211]\n #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211]\nCPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772\nHardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021\nCall Trace:\n \n dump_stack_lvl+0xa4/0xe0\n dump_stack+0x10/0x20\n __might_resched+0x363/0x5a0\n ? __alloc_skb+0x165/0x340\n __might_sleep+0xad/0x160\n ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k]\n ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k]\n ? 
__netdev_alloc_skb+0x45/0x7b0\n ? __asan_memset+0x39/0x40\n ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k]\n ? reacquire_held_locks+0x4d0/0x4d0\n ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k]\n ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k]\n ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k]\n ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211]\n ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k]\n ? ath12k_mac_vif_chan+0x320/0x320 [ath12k]\n drv_set_bitrate_mask+0x267/0x470 [mac80211]\n ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211]\n ? __this_cpu_preempt_check+0x13/0x20\n nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? trace_contention_end+0xef/0x140\n ? rtnl_unlock+0x9/0x10\n ? nl80211_pre_doit+0x557/0x800 [cfg80211]\n genl_family_rcv_msg_doit+0x1f0/0x2e0\n ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250\n ? ns_capable+0x57/0xd0\n genl_family_rcv_msg+0x34c/0x600\n ? genl_family_rcv_msg_dumpit+0x310/0x310\n ? __lock_acquire+0xc62/0x1de0\n ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211]\n ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211]\n ? cfg80211_external_auth_request+0x690/0x690 [cfg80211]\n genl_rcv_msg+0xa0/0x130\n netlink_rcv_skb+0x14c/0x400\n ? genl_family_rcv_msg+0x600/0x600\n ? netlink_ack+0xd70/0xd70\n ? rwsem_optimistic_spin+0x4f0/0x4f0\n ? genl_rcv+0x14/0x40\n ? down_read_killable+0x580/0x580\n ? netlink_deliver_tap+0x13e/0x350\n ? __this_cpu_preempt_check+0x13/0x20\n genl_rcv+0x23/0x40\n netlink_unicast+0x45e/0x790\n ? netlink_attachskb+0x7f0/0x7f0\n netlink_sendmsg+0x7eb/0xdb0\n ? netlink_unicast+0x790/0x790\n ? __this_cpu_preempt_check+0x13/0x20\n ? selinux_socket_sendmsg+0x31/0x40\n ? netlink_unicast+0x790/0x790\n __sock_sendmsg+0xc9/0x160\n ____sys_sendmsg+0x620/0x990\n ? kernel_sendmsg+0x30/0x30\n ? __copy_msghdr+0x410/0x410\n ? __kasan_check_read+0x11/0x20\n ? mark_lock+0xe6/0x1470\n ___sys_sendmsg+0xe9/0x170\n ? copy_msghdr_from_user+0x120/0x120\n ? 
__lock_acquire+0xc62/0x1de0\n ? do_fault_around+0x2c6/0x4e0\n ? do_user_addr_fault+0x8c1/0xde0\n ? reacquire_held_locks+0x220/0x4d0\n ? do_user_addr_fault+0x8c1/0xde0\n ? __kasan_check_read+0x11/0x20\n ? __fdget+0x4e/0x1d0\n ? sockfd_lookup_light+0x1a/0x170\n __sys_sendmsg+0xd2/0x180\n ? __sys_sendmsg_sock+0x20/0x20\n ? reacquire_held_locks+0x4d0/0x4d0\n ? debug_smp_processor_id+0x17/0x20\n __x64_sys_sendmsg+0x72/0xb0\n ? lockdep_hardirqs_on+0x7d/0x100\n x64_sys_call+0x894/0x9f0\n do_syscall_64+0x64/0x130\n entry_SYSCALL_64_after_\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5232995-969b-4ec8-abce-5dcfbe5a2ae7.json b/objects/vulnerability/vulnerability--c5232995-969b-4ec8-abce-5dcfbe5a2ae7.json new file mode 100644 index 00000000000..dc9cb051ec3 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5232995-969b-4ec8-abce-5dcfbe5a2ae7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65026f9b-75f6-4424-996b-caddfea71004", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5232995-969b-4ec8-abce-5dcfbe5a2ae7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.51252Z", + "modified": "2024-12-30T00:22:03.51252Z", + "name": "CVE-2024-56714", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: no double destroy workqueue\n\nThere are some FW error handling paths that can cause us to\ntry to destroy the workqueue more than once, so let's be sure\nwe're checking for that.\n\nThe case where this popped up was in an AER event where the\nhandlers got called in such a way that ionic_reset_prepare()\nand thus ionic_dev_teardown() got called twice in a row.\nThe second time through the workqueue was already destroyed,\nand destroy_workqueue() choked on the bad wq pointer.\n\nWe didn't hit this in AER handler testing before because at\nthat time we weren't using a private workqueue. Later we\nreplaced the use of the system workqueue with our own private\nworkqueue but hadn't rerun the AER handler testing since then.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56714" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5951e95-81be-4ff8-8a19-5ff07dac3667.json b/objects/vulnerability/vulnerability--c5951e95-81be-4ff8-8a19-5ff07dac3667.json new file mode 100644 index 00000000000..d5c03f84813 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5951e95-81be-4ff8-8a19-5ff07dac3667.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ecc6de81-9b24-40c6-a35a-533aaccfd124", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5951e95-81be-4ff8-8a19-5ff07dac3667", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.504136Z", + "modified": "2024-12-30T00:22:03.504136Z", + "name": "CVE-2024-56667", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix NULL pointer dereference in capture_engine\n\nWhen the intel_context structure contains NULL,\nit raises a NULL pointer dereference error in drm_info().\n\n(cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56667" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c744b7d3-731f-494b-b651-e4b953c3989c.json b/objects/vulnerability/vulnerability--c744b7d3-731f-494b-b651-e4b953c3989c.json new file mode 100644 index 00000000000..4c52b2d8620 --- /dev/null +++ b/objects/vulnerability/vulnerability--c744b7d3-731f-494b-b651-e4b953c3989c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0f937eb-8711-4271-8b00-410ab85111cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c744b7d3-731f-494b-b651-e4b953c3989c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.415539Z", + "modified": "2024-12-30T00:22:02.415539Z", + "name": "CVE-2024-53205", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: realtek: usb: fix NULL deref in rtk_usb2phy_probe\n\nIn rtk_usb2phy_probe() devm_kzalloc() may return NULL\nbut this returned value is not checked.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53205" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7662fb0-0043-488f-9418-49b93e8d36ab.json b/objects/vulnerability/vulnerability--c7662fb0-0043-488f-9418-49b93e8d36ab.json new file mode 100644 index 00000000000..d8b3a93705d --- /dev/null +++ b/objects/vulnerability/vulnerability--c7662fb0-0043-488f-9418-49b93e8d36ab.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9f4ccdb-1dcc-4c99-a38e-0f984f3df3c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7662fb0-0043-488f-9418-49b93e8d36ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.42031Z", + "modified": "2024-12-30T00:22:02.42031Z", + "name": "CVE-2024-53200", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp\n\nThis commit addresses a null pointer dereference issue in\nhwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is\nnull. The fix adds a check to ensure `pipe_ctx->plane_state` is not null\nbefore accessing. This prevents a null pointer dereference.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53200" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7b5b0e4-e076-4d78-86c8-5e91717bfd79.json b/objects/vulnerability/vulnerability--c7b5b0e4-e076-4d78-86c8-5e91717bfd79.json new file mode 100644 index 00000000000..2013074f9db --- /dev/null +++ b/objects/vulnerability/vulnerability--c7b5b0e4-e076-4d78-86c8-5e91717bfd79.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db67e050-6f91-4daa-8f48-c19b54d6ec06", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7b5b0e4-e076-4d78-86c8-5e91717bfd79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.60204Z", + "modified": "2024-12-30T00:22:01.60204Z", + "name": "CVE-2024-12982", + "description": "A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7f61b52-a85a-4fe7-8b9b-ded12ec4189c.json b/objects/vulnerability/vulnerability--c7f61b52-a85a-4fe7-8b9b-ded12ec4189c.json new file mode 100644 index 00000000000..ef372fe4cbd --- /dev/null +++ b/objects/vulnerability/vulnerability--c7f61b52-a85a-4fe7-8b9b-ded12ec4189c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b130fdf-8189-43be-a670-1e90e2bb3af9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7f61b52-a85a-4fe7-8b9b-ded12ec4189c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.431945Z", + "modified": "2024-12-30T00:22:03.431945Z", + "name": "CVE-2024-56616", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n index -1 is out of range for type 'u8 [48]'\n Call Trace:\n drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n memcpy: detected field-spanning write (size 18446744073709551615) of single field \"&msg->msg[msg->curlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n Call Trace:\n drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56616" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c80e5d55-2b38-4e17-9328-40b39898e05f.json b/objects/vulnerability/vulnerability--c80e5d55-2b38-4e17-9328-40b39898e05f.json new file mode 100644 index 00000000000..ad02628dad1 --- /dev/null +++ b/objects/vulnerability/vulnerability--c80e5d55-2b38-4e17-9328-40b39898e05f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35800378-ed86-45aa-8bd7-6553e3fd70c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c80e5d55-2b38-4e17-9328-40b39898e05f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.486317Z", + "modified": "2024-12-30T00:22:02.486317Z", + "name": "CVE-2024-53199", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: imx-audmix: Add NULL check in imx_audmix_probe\n\ndevm_kasprintf() can return a NULL pointer on failure,but this\nreturned value in imx_audmix_probe() is not checked.\nAdd NULL check in imx_audmix_probe(), to handle kernel NULL\npointer dereference error.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53199" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8beb5d0-8977-43c8-9570-eb2e872b2046.json b/objects/vulnerability/vulnerability--c8beb5d0-8977-43c8-9570-eb2e872b2046.json new file mode 100644 index 00000000000..f3e1c5f7c97 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8beb5d0-8977-43c8-9570-eb2e872b2046.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a038221a-c3d0-490c-9308-a8ad9b8eaae7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8beb5d0-8977-43c8-9570-eb2e872b2046", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.591621Z", + "modified": "2024-12-30T00:22:03.591621Z", + "name": "CVE-2024-56652", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Remove register pool\n\nThat pool implementation doesn't really work: if the krealloc happens to\nmove the memory and return another address, the entries in the xarray\nbecome invalid, leading to use-after-free later:\n\n\tBUG: KASAN: slab-use-after-free in xe_reg_sr_apply_mmio+0x570/0x760 [xe]\n\tRead of size 4 at addr ffff8881244b2590 by task modprobe/2753\n\n\tAllocated by task 2753:\n\t kasan_save_stack+0x39/0x70\n\t kasan_save_track+0x14/0x40\n\t kasan_save_alloc_info+0x37/0x60\n\t __kasan_kmalloc+0xc3/0xd0\n\t __kmalloc_node_track_caller_noprof+0x200/0x6d0\n\t krealloc_noprof+0x229/0x380\n\nSimplify the code to fix the bug. A better pooling strategy may be added\nback later if needed.\n\n(cherry picked from commit e5283bd4dfecbd3335f43b62a68e24dae23f59e4)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56652" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c96b1c3b-abfd-472d-ba17-7eba79477c7e.json b/objects/vulnerability/vulnerability--c96b1c3b-abfd-472d-ba17-7eba79477c7e.json new file mode 100644 index 00000000000..f914eb401b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c96b1c3b-abfd-472d-ba17-7eba79477c7e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83055854-a7fc-4456-9054-9e522524eea3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c96b1c3b-abfd-472d-ba17-7eba79477c7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.965252Z", + "modified": "2024-12-30T00:22:03.965252Z", + "name": "CVE-2024-13015", + "description": "A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c976512b-f37d-4d4b-8a87-23f0c8e12a74.json b/objects/vulnerability/vulnerability--c976512b-f37d-4d4b-8a87-23f0c8e12a74.json new file mode 100644 index 00000000000..bc47b0f4980 --- /dev/null +++ b/objects/vulnerability/vulnerability--c976512b-f37d-4d4b-8a87-23f0c8e12a74.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4d45afd-e192-4632-aa39-795f39e04102", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c976512b-f37d-4d4b-8a87-23f0c8e12a74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.386109Z", + "modified": "2024-12-30T00:22:02.386109Z", + "name": "CVE-2024-53175", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: fix memleak if msg_init_ns failed in create_ipc_ns\n\nPercpu memory allocation may failed during create_ipc_ns however this\nfail is not handled properly since ipc sysctls and mq sysctls is not\nreleased properly. Fix this by release these two resource when failure.\n\nHere is the kmemleak stack when percpu failed:\n\nunreferenced object 0xffff88819de2a600 (size 512):\n comm \"shmem_2nstest\", pid 120711, jiffies 4300542254\n hex dump (first 32 bytes):\n 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H.....\n 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V.....\n backtrace (crc be7cba35):\n [] __kmalloc_node_track_caller_noprof+0x333/0x420\n [] kmemdup_noprof+0x26/0x50\n [] setup_mq_sysctls+0x57/0x1d0\n [] copy_ipcs+0x29c/0x3b0\n [] create_new_namespaces+0x1d0/0x920\n [] copy_namespaces+0x2e9/0x3e0\n [] copy_process+0x29f3/0x7ff0\n [] kernel_clone+0xc0/0x650\n [] __do_sys_clone+0xa1/0xe0\n [] do_syscall_64+0xbf/0x1c0\n [] entry_SYSCALL_64_after_hwframe+0x4b/0x53", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca76ab2a-b1f2-40fd-84a6-441e9fd360a4.json b/objects/vulnerability/vulnerability--ca76ab2a-b1f2-40fd-84a6-441e9fd360a4.json new file mode 100644 index 00000000000..01a7b053b6a --- /dev/null +++ b/objects/vulnerability/vulnerability--ca76ab2a-b1f2-40fd-84a6-441e9fd360a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34db0788-e20f-4e04-90d1-3377220699d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca76ab2a-b1f2-40fd-84a6-441e9fd360a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.444815Z", + "modified": "2024-12-30T00:22:03.444815Z", + "name": "CVE-2024-56699", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix potential double remove of hotplug slot\n\nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the\ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to\nzpci_release_device() with the intention of keeping the hotplug slot\naround until the device is actually removed.\n\nNow zpci_release_device() is only called once all references are\ndropped. Since the zPCI subsystem only drops its reference once the\ndevice is in the reserved state it follows that zpci_release_device()\nmust only deal with devices in the reserved state. Despite that it\ncontains code to tear down from both configured and standby state. For\nthe standby case this already includes the removal of the hotplug slot\nso would cause a double removal if a device was ever removed in\neither configured or standby state.\n\nInstead of causing a potential double removal in a case that should\nnever happen explicitly WARN_ON() if a device in non-reserved state is\nreleased and get rid of the dead code cases.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cabad925-2a20-4d11-8b23-6cfddedd3fb5.json b/objects/vulnerability/vulnerability--cabad925-2a20-4d11-8b23-6cfddedd3fb5.json new file mode 100644 index 00000000000..3f906cbfc69 --- /dev/null +++ b/objects/vulnerability/vulnerability--cabad925-2a20-4d11-8b23-6cfddedd3fb5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6660a2fc-64c1-435a-9f73-ac5718ecb3c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cabad925-2a20-4d11-8b23-6cfddedd3fb5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.541377Z", + "modified": "2024-12-30T00:22:03.541377Z", + "name": "CVE-2024-56687", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: Fix hardware lockup on first Rx endpoint request\n\nThere is a possibility that a request's callback could be invoked from\nusb_ep_queue() (call trace below, supplemented with missing calls):\n\nreq->complete from usb_gadget_giveback_request\n\t(drivers/usb/gadget/udc/core.c:999)\nusb_gadget_giveback_request from musb_g_giveback\n\t(drivers/usb/musb/musb_gadget.c:147)\nmusb_g_giveback from rxstate\n\t(drivers/usb/musb/musb_gadget.c:784)\nrxstate from musb_ep_restart\n\t(drivers/usb/musb/musb_gadget.c:1169)\nmusb_ep_restart from musb_ep_restart_resume_work\n\t(drivers/usb/musb/musb_gadget.c:1176)\nmusb_ep_restart_resume_work from musb_queue_resume_work\n\t(drivers/usb/musb/musb_core.c:2279)\nmusb_queue_resume_work from musb_gadget_queue\n\t(drivers/usb/musb/musb_gadget.c:1241)\nmusb_gadget_queue from usb_ep_queue\n\t(drivers/usb/gadget/udc/core.c:300)\n\nAccording to the docstring of usb_ep_queue(), this should not happen:\n\n\"Note that @req's ->complete() callback must never be called from within\nusb_ep_queue() as that can create deadlock situations.\"\n\nIn fact, a hardware lockup might occur in the following sequence:\n\n1. The gadget is initialized using musb_gadget_enable().\n2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an\n interrupt.\n3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an\n empty queue (next_request() returns NULL). 
The interrupt flag has\n already been cleared by the glue layer handler, but the RXPKTRDY flag\n remains set.\n4. The first request is enqueued using usb_ep_queue(), leading to the call\n of req->complete(), as shown in the call trace above.\n5. If the callback enables IRQs and another packet is waiting, step (3)\n repeats. The request queue is empty because usb_g_giveback() removes the\n request before invoking the callback.\n6. The endpoint remains locked up, as the interrupt triggered by hardware\n setting the RXPKTRDY flag has been handled, but the flag itself remains\n set.\n\nFor this scenario to occur, it is only necessary for IRQs to be enabled at\nsome point during the complete callback. This happens with the USB Ethernet\ngadget, whose rx_complete() callback calls netif_rx(). If called in the\ntask context, netif_rx() disables the bottom halves (BHs). When the BHs are\nre-enabled, IRQs are also enabled to allow soft IRQs to be processed. The\ngadget itself is initialized at module load (or at boot if built-in), but\nthe first request is enqueued when the network interface is brought up,\ntriggering rx_complete() in the task context via ioctl(). If a packet\narrives while the interface is down, it can prevent the interface from\nreceiving any further packets from the USB host.\n\nThe situation is quite complicated with many parties involved. This\nparticular issue can be resolved in several possible ways:\n\n1. Ensure that callbacks never enable IRQs. This would be difficult to\n enforce, as discovering how netif_rx() interacts with interrupts was\n already quite challenging and u_ether is not the only function driver.\n Similar \"bugs\" could be hidden in other drivers as well.\n2. Disable MUSB interrupts in musb_g_giveback() before calling the callback\n and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(),\n for example). This would ensure that MUSB interrupts are not handled\n during the callback, even if IRQs are enabled. 
In fact, it would allow\n IRQs to be enabled when releasing the lock. However, this feels like an\n inelegant hack.\n3. Modify the interrupt handler to clear the RXPKTRDY flag if the request\n queue is empty. While this approach also feels like a hack, it wastes\n CPU time by attempting to handle incoming packets when the software is\n not ready to process them.\n4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart().\n This ensures that the hardware can receive packets when there is at\n least one request in the queue. Once I\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56687" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc6411f1-dd5e-4d61-9e7a-e719d96a0869.json b/objects/vulnerability/vulnerability--cc6411f1-dd5e-4d61-9e7a-e719d96a0869.json new file mode 100644 index 00000000000..63dde7fac63 --- /dev/null +++ b/objects/vulnerability/vulnerability--cc6411f1-dd5e-4d61-9e7a-e719d96a0869.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13df478c-4dad-4a2b-b5e6-e97c85bb1d22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc6411f1-dd5e-4d61-9e7a-e719d96a0869", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.444788Z", + "modified": "2024-12-30T00:22:02.444788Z", + "name": "CVE-2024-53180", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: Add sanity NULL check for the default mmap fault handler\n\nA driver might allow the mmap access before initializing its\nruntime->dma_area properly. Add a proper NULL check before passing to\nvirt_to_page() for avoiding a panic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53180" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--cced4cbb-7c5a-4fa7-868c-1746dacc8ed7.json b/objects/vulnerability/vulnerability--cced4cbb-7c5a-4fa7-868c-1746dacc8ed7.json new file mode 100644 index 00000000000..490d26070e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--cced4cbb-7c5a-4fa7-868c-1746dacc8ed7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41f23acc-9799-4a3c-9876-64b83f4de20b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cced4cbb-7c5a-4fa7-868c-1746dacc8ed7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.451739Z", + "modified": "2024-12-30T00:22:03.451739Z", + "name": "CVE-2024-56655", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not defer rule destruction via call_rcu\n\nnf_tables_chain_destroy can sleep, it can't be used from call_rcu\ncallbacks.\n\nMoreover, nf_tables_rule_release() is only safe for error unwinding,\nwhile transaction mutex is held and the to-be-desroyed rule was not\nexposed to either dataplane or dumps, as it deactives+frees without\nthe required synchronize_rcu() in-between.\n\nnft_rule_expr_deactivate() callbacks will change ->use counters\nof other chains/sets, see e.g. nft_lookup .deactivate callback, these\nmust be serialized via transaction mutex.\n\nAlso add a few lockdep asserts to make this more explicit.\n\nCalling synchronize_rcu() isn't ideal, but fixing this without is hard\nand way more intrusive. As-is, we can get:\n\nWARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x..\nWorkqueue: events nf_tables_trans_destroy_work\nRIP: 0010:nft_set_destroy+0x3fe/0x5c0\nCall Trace:\n \n nf_tables_trans_destroy_work+0x6b7/0xad0\n process_one_work+0x64a/0xce0\n worker_thread+0x613/0x10d0\n\nIn case the synchronize_rcu becomes an issue, we can explore alternatives.\n\nOne way would be to allocate nft_trans_rule objects + one nft_trans_chain\nobject, deactivate the rules + the chain and then defer the freeing to the\nnft destroy workqueue. 
We'd still need to keep the synchronize_rcu path as\na fallback to handle -ENOMEM corner cases though.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56655" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cd8ce3a1-2a54-4326-91d9-3a156283c6fd.json b/objects/vulnerability/vulnerability--cd8ce3a1-2a54-4326-91d9-3a156283c6fd.json new file mode 100644 index 00000000000..d617c8e8c21 --- /dev/null +++ b/objects/vulnerability/vulnerability--cd8ce3a1-2a54-4326-91d9-3a156283c6fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2094dba-6828-44a4-9932-ca27669675cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cd8ce3a1-2a54-4326-91d9-3a156283c6fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.952072Z", + "modified": "2024-12-30T00:22:03.952072Z", + "name": "CVE-2024-13019", + "description": "A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce4014cf-8156-4976-a388-f8d86c601eb4.json b/objects/vulnerability/vulnerability--ce4014cf-8156-4976-a388-f8d86c601eb4.json new file mode 100644 index 00000000000..a6ce00542a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce4014cf-8156-4976-a388-f8d86c601eb4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9bbec657-9020-4e0a-9425-810745c1f945", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce4014cf-8156-4976-a388-f8d86c601eb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:18.014452Z", + "modified": "2024-12-30T00:22:18.014452Z", + "name": "CVE-2020-1822", + "description": "There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289)\n\nThe seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-1822" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce82c53c-0299-4a2b-bf7b-e5a0287bcea0.json b/objects/vulnerability/vulnerability--ce82c53c-0299-4a2b-bf7b-e5a0287bcea0.json new file mode 100644 index 00000000000..915d57644e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce82c53c-0299-4a2b-bf7b-e5a0287bcea0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a5628f4e-eb35-4ffe-b5a5-4261ec5fa203", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce82c53c-0299-4a2b-bf7b-e5a0287bcea0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.499993Z", + "modified": "2024-12-30T00:22:03.499993Z", + "name": "CVE-2024-56688", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce856f47-13ba-4119-8ea0-45cbe96e4456.json b/objects/vulnerability/vulnerability--ce856f47-13ba-4119-8ea0-45cbe96e4456.json new file mode 100644 index 00000000000..12e564d8c78 --- /dev/null +++ b/objects/vulnerability/vulnerability--ce856f47-13ba-4119-8ea0-45cbe96e4456.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f274be8-e35e-401b-b762-85d3a6747085", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce856f47-13ba-4119-8ea0-45cbe96e4456", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.403916Z", + "modified": "2024-12-30T00:22:02.403916Z", + "name": "CVE-2024-53198", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen: Fix the issue of resource not being properly released in xenbus_dev_probe()\n\nThis patch fixes an issue in the function xenbus_dev_probe(). In the\nxenbus_dev_probe() function, within the if (err) branch at line 313, the\nprogram incorrectly returns err directly without releasing the resources\nallocated by err = drv->probe(dev, id). As the return value is non-zero,\nthe upper layers assume the processing logic has failed. However, the probe\noperation was performed earlier without a corresponding remove operation.\nSince the probe actually allocates resources, failing to perform the remove\noperation could lead to problems.\n\nTo fix this issue, we followed the resource release logic of the\nxenbus_dev_remove() function by adding a new block fail_remove before the\nfail_put block. After entering the branch if (err) at line 313, the\nfunction will use a goto statement to jump to the fail_remove block,\nensuring that the previously acquired resources are correctly released,\nthus preventing the reference count leak.\n\nThis bug was identified by an experimental static analysis tool developed\nby our team. 
The tool specializes in analyzing reference count operations\nand detecting potential issues where resources are not properly managed.\nIn this case, the tool flagged the missing release operation as a\npotential problem, which led to the development of this patch.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53198" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ceaeea68-ef7e-4a79-8ab5-2d32614668cb.json b/objects/vulnerability/vulnerability--ceaeea68-ef7e-4a79-8ab5-2d32614668cb.json new file mode 100644 index 00000000000..ba1a00e3ef3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ceaeea68-ef7e-4a79-8ab5-2d32614668cb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ab60604-90a4-4cbb-8731-b11b6d2d0140", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ceaeea68-ef7e-4a79-8ab5-2d32614668cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.550822Z", + "modified": "2024-12-30T00:22:03.550822Z", + "name": "CVE-2024-56543", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Skip Rx TID cleanup for self peer\n\nDuring peer create, dp setup for the peer is done where Rx TID is\nupdated for all the TIDs. Peer object for self peer will not go through\ndp setup.\n\nWhen core halts, dp cleanup is done for all the peers. While cleanup,\nrx_tid::ab is accessed which causes below stack trace for self peer.\n\nWARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851\nCall Trace:\n__warn+0x7b/0x1a0\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nreport_bug+0x10b/0x200\nhandle_bug+0x3f/0x70\nexc_invalid_op+0x13/0x60\nasm_exc_invalid_op+0x16/0x20\nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k]\nath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k]\nath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k]\nath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k]\nath12k_core_halt+0x3b/0x100 [ath12k]\nath12k_core_reset+0x494/0x4c0 [ath12k]\n\nsta object in peer will be updated when remote peer is created. Hence\nuse peer::sta to detect the self peer and skip the cleanup.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56543" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--cfaa5348-05dd-4859-92b4-602386f222df.json b/objects/vulnerability/vulnerability--cfaa5348-05dd-4859-92b4-602386f222df.json new file mode 100644 index 00000000000..32392e5aeaa --- /dev/null +++ b/objects/vulnerability/vulnerability--cfaa5348-05dd-4859-92b4-602386f222df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60e08bc9-6822-4c3b-8490-24443a633d2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfaa5348-05dd-4859-92b4-602386f222df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:16.857281Z", + "modified": "2024-12-30T00:22:16.857281Z", + "name": "CVE-2020-9081", + "description": "There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144)\n\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-9081" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0e63ab7-8c20-444c-8a6f-c8769c4a0297.json b/objects/vulnerability/vulnerability--d0e63ab7-8c20-444c-8a6f-c8769c4a0297.json new file mode 100644 index 00000000000..3625935aeab --- /dev/null +++ b/objects/vulnerability/vulnerability--d0e63ab7-8c20-444c-8a6f-c8769c4a0297.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--378eded6-5a2e-45ac-8a90-5edc0cd7b0b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0e63ab7-8c20-444c-8a6f-c8769c4a0297", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.949881Z", + "modified": "2024-12-30T00:22:03.949881Z", + "name": "CVE-2024-13029", + "description": "A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13029" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d12f47af-db6a-40cf-ae90-c4bd72ba0fe6.json b/objects/vulnerability/vulnerability--d12f47af-db6a-40cf-ae90-c4bd72ba0fe6.json new file mode 100644 index 00000000000..9ba7aecc06d --- /dev/null +++ b/objects/vulnerability/vulnerability--d12f47af-db6a-40cf-ae90-c4bd72ba0fe6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a505c45b-7b5d-4256-b557-fc96cc7ca543", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d12f47af-db6a-40cf-ae90-c4bd72ba0fe6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.476327Z", + "modified": "2024-12-30T00:22:02.476327Z", + "name": "CVE-2024-53207", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible deadlocks\n\nThis fixes possible deadlocks like the following caused by\nhci_cmd_sync_dequeue causing the destroy function to run:\n\n INFO: task kworker/u19:0:143 blocked for more than 120 seconds.\n Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000\n Workqueue: hci0 hci_cmd_sync_work [bluetooth]\n Call Trace:\n \n __schedule+0x374/0xaf0\n schedule+0x3c/0xf0\n schedule_preempt_disabled+0x1c/0x30\n __mutex_lock.constprop.0+0x3ef/0x7a0\n __mutex_lock_slowpath+0x13/0x20\n mutex_lock+0x3c/0x50\n mgmt_set_connectable_complete+0xa4/0x150 [bluetooth]\n ? kfree+0x211/0x2a0\n hci_cmd_sync_dequeue+0xae/0x130 [bluetooth]\n ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth]\n cmd_complete_rsp+0x26/0x80 [bluetooth]\n mgmt_pending_foreach+0x4d/0x70 [bluetooth]\n __mgmt_power_off+0x8d/0x180 [bluetooth]\n ? _raw_spin_unlock_irq+0x23/0x40\n hci_dev_close_sync+0x445/0x5b0 [bluetooth]\n hci_set_powered_sync+0x149/0x250 [bluetooth]\n set_powered_sync+0x24/0x60 [bluetooth]\n hci_cmd_sync_work+0x90/0x150 [bluetooth]\n process_one_work+0x13e/0x300\n worker_thread+0x2f7/0x420\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x107/0x140\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x3d/0x60\n ? 
__pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53207" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d1487081-05a1-49bd-a6b7-aa67084ab0c8.json b/objects/vulnerability/vulnerability--d1487081-05a1-49bd-a6b7-aa67084ab0c8.json new file mode 100644 index 00000000000..e67b75800d6 --- /dev/null +++ b/objects/vulnerability/vulnerability--d1487081-05a1-49bd-a6b7-aa67084ab0c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--595829c2-2aff-460a-a343-5024d3e06a39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d1487081-05a1-49bd-a6b7-aa67084ab0c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:07.739615Z", + "modified": "2024-12-30T00:22:07.739615Z", + "name": "CVE-2022-48470", + "description": "Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291)\n\nThis vulnerability has been assigned a (CVE)ID:CVE-2022-48470", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-48470" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d3040a14-d99e-4322-968f-b16e95be4382.json b/objects/vulnerability/vulnerability--d3040a14-d99e-4322-968f-b16e95be4382.json new file mode 100644 index 00000000000..e416343355b --- /dev/null +++ b/objects/vulnerability/vulnerability--d3040a14-d99e-4322-968f-b16e95be4382.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d003f9f4-74b8-4d66-9518-73cc13d272a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d3040a14-d99e-4322-968f-b16e95be4382", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.584443Z", + "modified": "2024-12-30T00:22:03.584443Z", + "name": "CVE-2024-56702", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier's knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. 
Ensure that we don't do this when ref_obj_id > 0, as in\nthat case this is an acquired object and doesn't need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon't regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56702" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d357340f-50b5-43bc-a705-4ea60181774b.json b/objects/vulnerability/vulnerability--d357340f-50b5-43bc-a705-4ea60181774b.json new file mode 100644 index 00000000000..ffb5787e1fb --- /dev/null +++ b/objects/vulnerability/vulnerability--d357340f-50b5-43bc-a705-4ea60181774b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e226c362-b95c-4298-a8a7-0bbc1e27228b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d357340f-50b5-43bc-a705-4ea60181774b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.959077Z", + "modified": "2024-12-30T00:22:03.959077Z", + "name": "CVE-2024-13023", + "description": "A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d437c148-9472-4c48-b976-83acf51e65c9.json b/objects/vulnerability/vulnerability--d437c148-9472-4c48-b976-83acf51e65c9.json new file mode 100644 index 00000000000..5e515f06d1b --- /dev/null +++ b/objects/vulnerability/vulnerability--d437c148-9472-4c48-b976-83acf51e65c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ca93f555-7c12-4742-bc3f-2bd37357c3af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d437c148-9472-4c48-b976-83acf51e65c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.52844Z", + "modified": "2024-12-30T00:22:03.52844Z", + "name": "CVE-2024-56708", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Avoid segmentation fault on module unload\n\nThe segmentation fault happens because:\n\nDuring modprobe:\n1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()\n2. In igen6_register_mci(), mci->pvt_info will point to\n &igen6_pvt->imc[mc]\n\nDuring rmmod:\n1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)\n2. In igen6_remove(), it will kfree(igen6_pvt);\n\nFix this issue by setting mci->pvt_info to NULL to avoid the double\nkfree.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56708" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4964597-213f-4b25-8ff5-22ba359d0cf0.json b/objects/vulnerability/vulnerability--d4964597-213f-4b25-8ff5-22ba359d0cf0.json new file mode 100644 index 00000000000..93941a7ccce --- /dev/null +++ b/objects/vulnerability/vulnerability--d4964597-213f-4b25-8ff5-22ba359d0cf0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4a430f1-a42c-4d99-ae69-da276632de9b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4964597-213f-4b25-8ff5-22ba359d0cf0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.544884Z", + "modified": "2024-12-30T00:22:03.544884Z", + "name": "CVE-2024-56640", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix LGR and link use-after-free issue\n\nWe encountered a LGR/link use-after-free issue, which manifested as\nthe LGR/link refcnt reaching 0 early and entering the clear process,\nmaking resource access unsafe.\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140\n Workqueue: events smc_lgr_terminate_work [smc]\n Call trace:\n refcount_warn_saturate+0x9c/0x140\n __smc_lgr_terminate.part.45+0x2a8/0x370 [smc]\n smc_lgr_terminate_work+0x28/0x30 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nor\n\n refcount_t: underflow; use-after-free.\n WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140\n Workqueue: smc_hs_wq smc_listen_work [smc]\n Call trace:\n refcount_warn_saturate+0xf0/0x140\n smcr_link_put+0x1cc/0x1d8 [smc]\n smc_conn_free+0x110/0x1b0 [smc]\n smc_conn_abort+0x50/0x60 [smc]\n smc_listen_find_device+0x75c/0x790 [smc]\n smc_listen_work+0x368/0x8a0 [smc]\n process_one_work+0x1b8/0x420\n worker_thread+0x158/0x510\n kthread+0x114/0x118\n\nIt is caused by repeated release of LGR/link refcnt. 
One suspect is that\nsmc_conn_free() is called repeatedly because some smc_conn_free() from\nserver listening path are not protected by sock lock.\n\ne.g.\n\nCalls under socklock | smc_listen_work\n-------------------------------------------------------\nlock_sock(sk) | smc_conn_abort\nsmc_conn_free | \\- smc_conn_free\n\\- smcr_link_put | \\- smcr_link_put (duplicated)\nrelease_sock(sk)\n\nSo here add sock lock protection in smc_listen_work() path, making it\nexclusive with other connection operations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d4bc7cfa-7493-443b-9488-4c3b2805c8a4.json b/objects/vulnerability/vulnerability--d4bc7cfa-7493-443b-9488-4c3b2805c8a4.json new file mode 100644 index 00000000000..ba787b6252a --- /dev/null +++ b/objects/vulnerability/vulnerability--d4bc7cfa-7493-443b-9488-4c3b2805c8a4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bcf5c91-5426-4c2a-ae75-a9b90c665e39", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d4bc7cfa-7493-443b-9488-4c3b2805c8a4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.446929Z", + "modified": "2024-12-30T00:22:03.446929Z", + "name": "CVE-2024-56653", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btmtk: avoid UAF in btmtk_process_coredump\n\nhci_devcd_append may lead to the release of the skb, so it cannot be\naccessed once it is called.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk]\nRead of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82\n\nCPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c\nHardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024\nWorkqueue: events btusb_rx_work [btusb]\nCall Trace:\n \n dump_stack_lvl+0xfd/0x150\n print_report+0x131/0x780\n kasan_report+0x177/0x1c0\n btmtk_process_coredump+0x2a7/0x2d0 [btmtk 03edd567dd71a65958807c95a65db31d433e1d01]\n btusb_recv_acl_mtk+0x11c/0x1a0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n btusb_rx_work+0x9e/0xe0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n \n\nAllocated by task 82:\n stack_trace_save+0xdc/0x190\n kasan_set_track+0x4e/0x80\n __kasan_slab_alloc+0x4e/0x60\n kmem_cache_alloc+0x19f/0x360\n skb_clone+0x132/0xf70\n btusb_recv_acl_mtk+0x104/0x1a0 [btusb]\n btusb_rx_work+0x9e/0xe0 [btusb]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nFreed by task 1733:\n stack_trace_save+0xdc/0x190\n 
kasan_set_track+0x4e/0x80\n kasan_save_free_info+0x28/0xb0\n ____kasan_slab_free+0xfd/0x170\n kmem_cache_free+0x183/0x3f0\n hci_devcd_rx+0x91a/0x2060 [bluetooth]\n worker_thread+0xe44/0x2cc0\n kthread+0x2ff/0x3a0\n ret_from_fork+0x51/0x80\n ret_from_fork_asm+0x1b/0x30\n\nThe buggy address belongs to the object at ffff888033cfab40\n which belongs to the cache skbuff_head_cache of size 232\nThe buggy address is located 112 bytes inside of\n freed 232-byte region [ffff888033cfab40, ffff888033cfac28)\n\nThe buggy address belongs to the physical page:\npage:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa\nhead:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0x4000000000000840(slab|head|zone=1)\npage_type: 0xffffffff()\nraw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001\nraw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888033cfaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\n ffff888033cfab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n>ffff888033cfab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888033cfac00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc\n ffff888033cfac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\n\nCheck if we need to call hci_devcd_complete before calling\nhci_devcd_append. That requires that we check data->cd_info.cnt >=\nMTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we\nincrement data->cd_info.cnt only once the call to hci_devcd_append\nsucceeds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56653" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d66f1490-1de8-463b-9a6b-9dd05476406e.json b/objects/vulnerability/vulnerability--d66f1490-1de8-463b-9a6b-9dd05476406e.json new file mode 100644 index 00000000000..8d3a57f12ca --- /dev/null +++ b/objects/vulnerability/vulnerability--d66f1490-1de8-463b-9a6b-9dd05476406e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8c9df40-bcf5-44c2-b1ec-9d3b0f9c958c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d66f1490-1de8-463b-9a6b-9dd05476406e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.455193Z", + "modified": "2024-12-30T00:22:03.455193Z", + "name": "CVE-2024-56507", + "description": "LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the \"URL\" field of the \"Edit Link\" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56507" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7b03194-92fa-4ec0-8cef-46691d7c6e8f.json b/objects/vulnerability/vulnerability--d7b03194-92fa-4ec0-8cef-46691d7c6e8f.json new file mode 100644 index 00000000000..00c3c117b9c --- /dev/null +++ b/objects/vulnerability/vulnerability--d7b03194-92fa-4ec0-8cef-46691d7c6e8f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18beab66-efdb-461b-9da9-0017374e9850", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7b03194-92fa-4ec0-8cef-46691d7c6e8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.371374Z", + "modified": "2024-12-30T00:22:02.371374Z", + "name": "CVE-2024-53183", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\num: net: Do not use drvdata in release\n\nThe drvdata is not available in release. Let's just use container_of()\nto get the uml_net instance. Otherwise, removing a network device will\nresult in a crash:\n\nRIP: 0033:net_device_release+0x10/0x6f\nRSP: 00000000e20c7c40 EFLAGS: 00010206\nRAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0\nRDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028\nRBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70\nR10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000\nR13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6\nKernel panic - not syncing: Segfault with no mm\nCPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1\nWorkqueue: events mc_work_proc\nStack:\n 627af028 62c7af00 e20c7c80 60276fcd\n 62778000 603f5820 627af028 00000000\n e20c7cb0 603a2bcd 627af000 62770010\nCall Trace:\n [<60276fcd>] device_release+0x70/0xba\n [<603a2bcd>] kobject_put+0xba/0xe7\n [<60277265>] put_device+0x19/0x1c\n [<60281266>] platform_device_put+0x26/0x29\n [<60281e5f>] platform_device_unregister+0x2c/0x2e\n [<6002ec9c>] net_remove+0x63/0x69\n [<60031316>] ? mconsole_reply+0x0/0x50\n [<600310c8>] mconsole_remove+0x160/0x1cc\n [<60087d40>] ? __remove_hrtimer+0x38/0x74\n [<60087ff8>] ? hrtimer_try_to_cancel+0x8c/0x98\n [<6006b3cf>] ? dl_server_stop+0x3f/0x48\n [<6006b390>] ? dl_server_stop+0x0/0x48\n [<600672e8>] ? dequeue_entities+0x327/0x390\n [<60038fa6>] ? 
um_set_signals+0x0/0x43\n [<6003070c>] mc_work_proc+0x77/0x91\n [<60057664>] process_scheduled_works+0x1b3/0x2dd\n [<60055f32>] ? assign_work+0x0/0x58\n [<60057f0a>] worker_thread+0x1e9/0x293\n [<6005406f>] ? set_pf_worker+0x0/0x64\n [<6005d65d>] ? arch_local_irq_save+0x0/0x2d\n [<6005d748>] ? kthread_exit+0x0/0x3a\n [<60057d21>] ? worker_thread+0x0/0x293\n [<6005dbf1>] kthread+0x126/0x12b\n [<600219c5>] new_thread_handler+0x85/0xb6", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53183" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8222aca-6dd3-4386-b976-307002c2076b.json b/objects/vulnerability/vulnerability--d8222aca-6dd3-4386-b976-307002c2076b.json new file mode 100644 index 00000000000..3e5c2a47e78 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8222aca-6dd3-4386-b976-307002c2076b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b57468ba-1d39-47de-bbaf-4d7d6abd9d02", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8222aca-6dd3-4386-b976-307002c2076b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.445948Z", + "modified": "2024-12-30T00:22:03.445948Z", + "name": "CVE-2024-56720", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Several fixes to bpf_msg_pop_data\n\nSeveral fixes to bpf_msg_pop_data,\n1. In sk_msg_shift_left, we should put_page\n2. if (len == 0), return early is better\n3. pop the entire sk_msg (last == msg->sg.size) should be supported\n4. Fix for the value of variable \"a\"\n5. In sk_msg_shift_left, after shifting, i has already pointed to the next\nelement. Addtional sk_msg_iter_var_next may result in BUG.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56720" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d91001cb-fdba-4655-a231-47f06682dd3b.json b/objects/vulnerability/vulnerability--d91001cb-fdba-4655-a231-47f06682dd3b.json new file mode 100644 index 00000000000..c30ef2baa0b --- /dev/null +++ b/objects/vulnerability/vulnerability--d91001cb-fdba-4655-a231-47f06682dd3b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e36d0e8e-e377-41a0-aa2a-2b28705e9bc2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d91001cb-fdba-4655-a231-47f06682dd3b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.509118Z", + "modified": "2024-12-30T00:22:03.509118Z", + "name": "CVE-2024-56598", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: array-index-out-of-bounds fix in dtReadFirst\n\nThe value of stbl can be sometimes out of bounds due\nto a bad filesystem. Added a check with appopriate return\nof error code in that case.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da651bd4-7571-420b-a657-ee09c3f10cd9.json b/objects/vulnerability/vulnerability--da651bd4-7571-420b-a657-ee09c3f10cd9.json new file mode 100644 index 00000000000..144c4f4aa17 --- /dev/null +++ b/objects/vulnerability/vulnerability--da651bd4-7571-420b-a657-ee09c3f10cd9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5c10e11-1bc6-4a96-8244-8259f745b1c2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da651bd4-7571-420b-a657-ee09c3f10cd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.435172Z", + "modified": "2024-12-30T00:22:03.435172Z", + "name": "CVE-2024-56755", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING\n\nIn fscache_create_volume(), there is a missing memory barrier between the\nbit-clearing operation and the wake-up operation. This may cause a\nsituation where, after a wake-up, the bit-clearing operation hasn't been\ndetected yet, leading to an indefinite wait. The triggering process is as\nfollows:\n\n [cookie1] [cookie2] [volume_work]\nfscache_perform_lookup\n fscache_create_volume\n fscache_perform_lookup\n fscache_create_volume\n\t\t\t fscache_create_volume_work\n cachefiles_acquire_volume\n clear_and_wake_up_bit\n test_and_set_bit\n test_and_set_bit\n goto maybe_wait\n goto no_wait\n\nIn the above process, cookie1 and cookie2 has the same volume. When cookie1\nenters the -no_wait- process, it will clear the bit and wake up the waiting\nprocess. If a barrier is missing, it may cause cookie2 to remain in the\n-wait- process indefinitely.\n\nIn commit 3288666c7256 (\"fscache: Use clear_and_wake_up_bit() in\nfscache_create_volume_work()\"), barriers were added to similar operations\nin fscache_create_volume_work(), but fscache_create_volume() was missed.\n\nBy combining the clear and wake operations into clear_and_wake_up_bit() to\nfix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56755" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--dab40c10-d5c9-4019-821f-45487119f544.json b/objects/vulnerability/vulnerability--dab40c10-d5c9-4019-821f-45487119f544.json new file mode 100644 index 00000000000..23a6dcf860a --- /dev/null +++ b/objects/vulnerability/vulnerability--dab40c10-d5c9-4019-821f-45487119f544.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ac947da-23bc-4289-aef9-d1ee466feeb3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dab40c10-d5c9-4019-821f-45487119f544", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:01.608067Z", + "modified": "2024-12-30T00:22:01.608067Z", + "name": "CVE-2024-12976", + "description": "A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12976" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dabf74c6-4963-4dd3-bc3f-d7e722040a37.json b/objects/vulnerability/vulnerability--dabf74c6-4963-4dd3-bc3f-d7e722040a37.json new file mode 100644 index 00000000000..491941c28e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--dabf74c6-4963-4dd3-bc3f-d7e722040a37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04be1bc8-eb92-495d-a7c5-544ae6556e6d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dabf74c6-4963-4dd3-bc3f-d7e722040a37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.375213Z", + "modified": "2024-12-30T00:22:02.375213Z", + "name": "CVE-2024-53212", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix false positive warning in extack during dumps\n\nCommit under fixes extended extack reporting to dumps.\nIt works under normal conditions, because extack errors are\nusually reported during ->start() or the first ->dump(),\nit's quite rare that the dump starts okay but fails later.\nIf the dump does fail later, however, the input skb will\nalready have the initiating message pulled, so checking\nif bad attr falls within skb->data will fail.\n\nSwitch the check to using nlh, which is always valid.\n\nsyzbot found a way to hit that scenario by filling up\nthe receive queue. 
In this case we initiate a dump\nbut don't call ->dump() until there is read space for\nan skb.\n\nWARNING: CPU: 1 PID: 5845 at net/netlink/af_netlink.c:2210 netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209\nRIP: 0010:netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209\nCall Trace:\n \n netlink_dump_done+0x513/0x970 net/netlink/af_netlink.c:2250\n netlink_dump+0x91f/0xe10 net/netlink/af_netlink.c:2351\n netlink_recvmsg+0x6bb/0x11d0 net/netlink/af_netlink.c:1983\n sock_recvmsg_nosec net/socket.c:1051 [inline]\n sock_recvmsg+0x22f/0x280 net/socket.c:1073\n __sys_recvfrom+0x246/0x3d0 net/socket.c:2267\n __do_sys_recvfrom net/socket.c:2285 [inline]\n __se_sys_recvfrom net/socket.c:2281 [inline]\n __x64_sys_recvfrom+0xde/0x100 net/socket.c:2281\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7ff37dd17a79", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dac50cc7-0e29-48c7-ba6f-c17594e25013.json b/objects/vulnerability/vulnerability--dac50cc7-0e29-48c7-ba6f-c17594e25013.json new file mode 100644 index 00000000000..ba7d69b7fb1 --- /dev/null +++ b/objects/vulnerability/vulnerability--dac50cc7-0e29-48c7-ba6f-c17594e25013.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b78b298e-6fdc-4964-a724-8b564bc3d34b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dac50cc7-0e29-48c7-ba6f-c17594e25013", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.609065Z", + "modified": "2024-12-30T00:22:03.609065Z", + "name": "CVE-2024-56693", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrd: defer automatic disk creation until module initialization succeeds\n\nMy colleague Wupeng found the following problems during fault injection:\n\nBUG: unable to handle page fault for address: fffffbfff809d073\nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:__asan_load8+0x4c/0xa0\n...\nCall Trace:\n \n blkdev_put_whole+0x41/0x70\n bdev_release+0x1a3/0x250\n blkdev_release+0x11/0x20\n __fput+0x1d7/0x4a0\n task_work_run+0xfc/0x180\n syscall_exit_to_user_mode+0x1de/0x1f0\n do_syscall_64+0x6b/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nloop_init() is calling loop_add() after __register_blkdev() succeeds and\nis ignoring disk_add() failure from loop_add(), for loop_add() failure\nis not fatal and successfully created disks are already visible to\nbdev_open().\n\nbrd_init() is currently calling brd_alloc() before __register_blkdev()\nsucceeds and is releasing successfully created disks when brd_init()\nreturns an error. 
This can cause UAF for the latter two case:\n\ncase 1:\n T1:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n add_disk\n disk_scan_partitions\n bdev_file_open_by_dev // alloc file\n fput // won't free until back to userspace\n brd_alloc(1) // failed since mem alloc error inject\n // error path for modprobe will release code segment\n // back to userspace\n __fput\n blkdev_release\n bdev_release\n blkdev_put_whole\n bdev->bd_disk->fops->release // fops is freed now, UAF!\n\ncase 2:\n T1: T2:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n open(/dev/ram0)\n brd_alloc(1) // fail\n // error path for modprobe\n\n close(/dev/ram0)\n ...\n /* UAF! */\n bdev->bd_disk->fops->release\n\nFix this problem by following what loop_init() does. Besides,\nreintroduce brd_devices_mutex to help serialize modifications to\nbrd_list.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56693" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db4a0ece-b02d-4ac4-9677-eb9c2f6cea71.json b/objects/vulnerability/vulnerability--db4a0ece-b02d-4ac4-9677-eb9c2f6cea71.json new file mode 100644 index 00000000000..ab6e182164d --- /dev/null +++ b/objects/vulnerability/vulnerability--db4a0ece-b02d-4ac4-9677-eb9c2f6cea71.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--310aa233-e211-4f85-aab1-716a4b1dff6f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db4a0ece-b02d-4ac4-9677-eb9c2f6cea71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.39907Z", + "modified": "2024-12-30T00:22:03.39907Z", + "name": "CVE-2024-56677", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()\n\nDuring early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,\nsince pageblock_order is still zero and it gets initialized\nlater during initmem_init() e.g.\nsetup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()\n\nOne such use case where this causes issue is -\nearly_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()\n\nThis causes CMA memory alignment check to be bypassed in\ncma_init_reserved_mem(). 
Then later cma_activate_area() can hit\na VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory\narea was not pageblock_order aligned.\n\nFix it by moving the fadump_cma_init() after initmem_init(),\nwhere other such cma reservations also gets called.\n\n\n==============\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010\nflags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA\nraw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))\n------------[ cut here ]------------\nkernel BUG at mm/page_alloc.c:778!\n\nCall Trace:\n__free_one_page+0x57c/0x7b0 (unreliable)\nfree_pcppages_bulk+0x1a8/0x2c8\nfree_unref_page_commit+0x3d4/0x4e4\nfree_unref_page+0x458/0x6d0\ninit_cma_reserved_pageblock+0x114/0x198\ncma_init_reserved_areas+0x270/0x3e0\ndo_one_initcall+0x80/0x2f8\nkernel_init_freeable+0x33c/0x530\nkernel_init+0x34/0x26c\nret_from_kernel_user_thread+0x14/0x1c", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dcedcc6f-9698-443c-bff1-3555405006ad.json b/objects/vulnerability/vulnerability--dcedcc6f-9698-443c-bff1-3555405006ad.json new file mode 100644 index 00000000000..1852e67d401 --- /dev/null +++ b/objects/vulnerability/vulnerability--dcedcc6f-9698-443c-bff1-3555405006ad.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c39cfba2-d1c3-44df-8d76-29172d0b01f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dcedcc6f-9698-443c-bff1-3555405006ad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.417227Z", + "modified": "2024-12-30T00:22:03.417227Z", + "name": "CVE-2024-56577", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mtk-jpeg: Fix null-ptr-deref during unload module\n\nThe workqueue should be destroyed in mtk_jpeg_core.c since commit\n09aea13ecf6f (\"media: mtk-jpeg: refactor some variables\"), otherwise\nthe below calltrace can be easily triggered.\n\n[ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023\n[ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f]\n...\n[ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17\n...\n[ 677.882838] pc : destroy_workqueue+0x3c/0x770\n[ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[ 677.884314] sp : ffff80008ad974f0\n[ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070\n[ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690\n[ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000\n[ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0\n[ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10\n[ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d\n[ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90\n[ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001\n[ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000\n[ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 
0000000000000118\n[ 677.893977] Call trace:\n[ 677.894297] destroy_workqueue+0x3c/0x770\n[ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw]\n[ 677.895677] devm_action_release+0x50/0x90\n[ 677.896211] release_nodes+0xe8/0x170\n[ 677.896688] devres_release_all+0xf8/0x178\n[ 677.897219] device_unbind_cleanup+0x24/0x170\n[ 677.897785] device_release_driver_internal+0x35c/0x480\n[ 677.898461] device_release_driver+0x20/0x38\n...\n[ 677.912665] ---[ end trace 0000000000000000 ]---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56577" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd1ed0e2-22d0-4ae4-9747-7d97dd630379.json b/objects/vulnerability/vulnerability--dd1ed0e2-22d0-4ae4-9747-7d97dd630379.json new file mode 100644 index 00000000000..3a90c5638b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--dd1ed0e2-22d0-4ae4-9747-7d97dd630379.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2358c03-b534-4a05-b892-ff6c91b3090c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd1ed0e2-22d0-4ae4-9747-7d97dd630379", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.441655Z", + "modified": "2024-12-30T00:22:03.441655Z", + "name": "CVE-2024-56536", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cw1200: Fix potential NULL dereference\n\nA recent refactoring was identified by static analysis to\ncause a potential NULL dereference, fix this!", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd6fb510-9621-4ef4-935b-773d759aef11.json b/objects/vulnerability/vulnerability--dd6fb510-9621-4ef4-935b-773d759aef11.json new file mode 100644 index 00000000000..3bf75463b2a --- /dev/null 
+++ b/objects/vulnerability/vulnerability--dd6fb510-9621-4ef4-935b-773d759aef11.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b48c9da-a4f0-436c-8df7-0d1fe902953c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd6fb510-9621-4ef4-935b-773d759aef11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.456178Z", + "modified": "2024-12-30T00:22:03.456178Z", + "name": "CVE-2024-56615", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix OOB devmap writes when deleting elements\n\nJordy reported issue against XSKMAP which also applies to DEVMAP - the\nindex used for accessing map entry, due to being a signed integer,\ncauses the OOB writes. Fix is simple as changing the type from int to\nu32, however, when compared to XSKMAP case, one more thing needs to be\naddressed.\n\nWhen map is released from system via dev_map_free(), we iterate through\nall of the entries and an iterator variable is also an int, which\nimplies OOB accesses. 
Again, change it to be u32.\n\nExample splat below:\n\n[ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000\n[ 160.731662] #PF: supervisor read access in kernel mode\n[ 160.736876] #PF: error_code(0x0000) - not-present page\n[ 160.742095] PGD 0 P4D 0\n[ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP\n[ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487\n[ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019\n[ 160.767642] Workqueue: events_unbound bpf_map_free_deferred\n[ 160.773308] RIP: 0010:dev_map_free+0x77/0x170\n[ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff\n[ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202\n[ 160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024\n[ 160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000\n[ 160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001\n[ 160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122\n[ 160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000\n[ 160.838310] FS: 0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000\n[ 160.846528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0\n[ 160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 160.874092] PKRU: 55555554\n[ 160.876847] Call Trace:\n[ 160.879338] \n[ 160.881477] ? __die+0x20/0x60\n[ 160.884586] ? page_fault_oops+0x15a/0x450\n[ 160.888746] ? search_extable+0x22/0x30\n[ 160.892647] ? search_bpf_extables+0x5f/0x80\n[ 160.896988] ? 
exc_page_fault+0xa9/0x140\n[ 160.900973] ? asm_exc_page_fault+0x22/0x30\n[ 160.905232] ? dev_map_free+0x77/0x170\n[ 160.909043] ? dev_map_free+0x58/0x170\n[ 160.912857] bpf_map_free_deferred+0x51/0x90\n[ 160.917196] process_one_work+0x142/0x370\n[ 160.921272] worker_thread+0x29e/0x3b0\n[ 160.925082] ? rescuer_thread+0x4b0/0x4b0\n[ 160.929157] kthread+0xd4/0x110\n[ 160.932355] ? kthread_park+0x80/0x80\n[ 160.936079] ret_from_fork+0x2d/0x50\n[ 160.943396] ? kthread_park+0x80/0x80\n[ 160.950803] ret_from_fork_asm+0x11/0x20\n[ 160.958482] ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--deabadbe-5a3f-4603-8542-44d2aeedb918.json b/objects/vulnerability/vulnerability--deabadbe-5a3f-4603-8542-44d2aeedb918.json new file mode 100644 index 00000000000..d47d976378c --- /dev/null +++ b/objects/vulnerability/vulnerability--deabadbe-5a3f-4603-8542-44d2aeedb918.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d6a3633-901d-41e0-b3f2-bc2ede67608f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--deabadbe-5a3f-4603-8542-44d2aeedb918", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.551854Z", + "modified": "2024-12-30T00:22:03.551854Z", + "name": "CVE-2024-56729", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Initialize cfid->tcon before performing network ops\n\nAvoid leaking a tcon ref when a lease break races with opening the\ncached directory. Processing the leak break might take a reference to\nthe tcon in cached_dir_lease_break() and then fail to release the ref in\ncached_dir_offload_close, since cfid->tcon is still NULL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56729" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--deecfefb-e150-4fde-9013-f431eb10b356.json b/objects/vulnerability/vulnerability--deecfefb-e150-4fde-9013-f431eb10b356.json new file mode 100644 index 00000000000..bf0acb69d09 --- /dev/null +++ b/objects/vulnerability/vulnerability--deecfefb-e150-4fde-9013-f431eb10b356.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a1b0e82-d3ac-4498-9083-7f86a6cf6291", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--deecfefb-e150-4fde-9013-f431eb10b356", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.386297Z", + "modified": "2024-12-30T00:22:03.386297Z", + "name": "CVE-2024-56558", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: make sure exp active before svc_export_show\n\nThe function `e_show` was called with protection from RCU. This only\nensures that `exp` will not be freed. Therefore, the reference count for\n`exp` can drop to zero, which will trigger a refcount use-after-free\nwarning when `exp_get` is called. To resolve this issue, use\n`cache_get_rcu` to ensure that `exp` remains active.\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 3 PID: 819 at lib/refcount.c:25\nrefcount_warn_saturate+0xb1/0x120\nCPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:refcount_warn_saturate+0xb1/0x120\n...\nCall Trace:\n \n e_show+0x20b/0x230 [nfsd]\n seq_read_iter+0x589/0x770\n seq_read+0x1e5/0x270\n vfs_read+0x125/0x530\n ksys_read+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56558" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e03920d3-5f38-496b-858a-37dc97dcd6bf.json b/objects/vulnerability/vulnerability--e03920d3-5f38-496b-858a-37dc97dcd6bf.json new file mode 100644 index 00000000000..ddae89e22e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e03920d3-5f38-496b-858a-37dc97dcd6bf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42267e03-ec99-4a30-8dc8-77d24b725411", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e03920d3-5f38-496b-858a-37dc97dcd6bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.413355Z", + "modified": "2024-12-30T00:22:03.413355Z", + "name": "CVE-2024-56719", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: fix TSO DMA API usage causing oops\n\nCommit 66600fac7a98 (\"net: stmmac: TSO: Fix unbalanced DMA map/unmap\nfor non-paged SKB data\") moved the assignment of tx_skbuff_dma[]'s\nmembers to be later in stmmac_tso_xmit().\n\nThe buf (dma cookie) and len stored in this structure are passed to\ndma_unmap_single() by stmmac_tx_clean(). The DMA API requires that\nthe dma cookie passed to dma_unmap_single() is the same as the value\nreturned from dma_map_single(). However, by moving the assignment\nlater, this is not the case when priv->dma_cap.addr64 > 32 as \"des\"\nis offset by proto_hdr_len.\n\nThis causes problems such as:\n\n dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed\n\nand with DMA_API_DEBUG enabled:\n\n DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes]\n\nFix this by maintaining \"des\" as the original DMA cookie, and use\ntso_des to pass the offset DMA cookie to stmmac_tso_allocator().\n\nFull details of the crashes can be found at:\nhttps://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/\nhttps://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56719" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e0ce3bb5-7e88-4cc0-8290-64623ce38c6e.json b/objects/vulnerability/vulnerability--e0ce3bb5-7e88-4cc0-8290-64623ce38c6e.json new file mode 100644 index 00000000000..8fecb185e8f --- /dev/null +++ b/objects/vulnerability/vulnerability--e0ce3bb5-7e88-4cc0-8290-64623ce38c6e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43c57b80-c3bc-4523-a424-8b2722c2f2e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0ce3bb5-7e88-4cc0-8290-64623ce38c6e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.496617Z", + "modified": "2024-12-30T00:22:03.496617Z", + "name": "CVE-2024-56706", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpum_sf: Fix and protect memory allocation of SDBs with mutex\n\nReservation of the PMU hardware is done at first event creation\nand is protected by a pair of mutex_lock() and mutex_unlock().\nAfter reservation of the PMU hardware the memory\nrequired for the PMUs the event is to be installed on is\nallocated by allocate_buffers() and alloc_sampling_buffer().\nThis done outside of the mutex protection.\nWithout mutex protection two or more concurrent invocations of\nperf_event_init() may run in parallel.\nThis can lead to allocation of Sample Data Blocks (SDBs)\nmultiple times for the same PMU.\nPrevent this and protect memory allocation of SDBs by\nmutex.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56706" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0f82b8b-44ee-4ba0-aee6-7b2834dda586.json b/objects/vulnerability/vulnerability--e0f82b8b-44ee-4ba0-aee6-7b2834dda586.json new file mode 100644 index 00000000000..14462407226 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0f82b8b-44ee-4ba0-aee6-7b2834dda586.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40806c8e-d2f5-4c56-ab0f-4d3449e29954", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0f82b8b-44ee-4ba0-aee6-7b2834dda586", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.479813Z", + "modified": "2024-12-30T00:22:02.479813Z", + "name": "CVE-2024-53197", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\n\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev->config.\n\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53197" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e28e0342-4ba2-44fc-8139-471b4f53d1ff.json b/objects/vulnerability/vulnerability--e28e0342-4ba2-44fc-8139-471b4f53d1ff.json new file mode 100644 index 00000000000..77fe161b3c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e28e0342-4ba2-44fc-8139-471b4f53d1ff.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf04595e-e0c2-4a55-9995-8d3656de81ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e28e0342-4ba2-44fc-8139-471b4f53d1ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.413271Z", + "modified": "2024-12-30T00:22:02.413271Z", + "name": "CVE-2024-53214", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Properly hide first-in-list PCIe extended capability\n\nThere are cases where a PCIe extended capability should be hidden from\nthe user. For example, an unknown capability (i.e., capability with ID\ngreater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally\nchosen to be hidden from the user.\n\nHiding a capability is done by virtualizing and modifying the 'Next\nCapability Offset' field of the previous capability so it points to the\ncapability after the one that should be hidden.\n\nThe special case where the first capability in the list should be hidden\nis handled differently because there is no previous capability that can\nbe modified. In this case, the capability ID and version are zeroed\nwhile leaving the next pointer intact. This hides the capability and\nleaves an anchor for the rest of the capability list.\n\nHowever, today, hiding the first capability in the list is not done\nproperly if the capability is unknown, as struct\nvfio_pci_core_device->pci_config_map is set to the capability ID during\ninitialization but the capability ID is not properly checked later when\nused in vfio_config_do_rw(). 
This leads to the following warning [1] and\nto an out-of-bounds access to ecap_perms array.\n\nFix it by checking cap_id in vfio_config_do_rw(), and if it is greater\nthan PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct\nread only access instead of the ecap_perms array.\n\nNote that this is safe since the above is the only case where cap_id can\nexceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which\nare already checked before).\n\n[1]\n\nWARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\nCPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1\n(snip)\nCall Trace:\n \n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x140\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? report_bug+0x18f/0x1a0\n ? handle_bug+0x63/0xa0\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]\n vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]\n vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]\n vfio_device_fops_read+0x27/0x40 [vfio]\n vfs_read+0xbd/0x340\n ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]\n ? __rseq_handle_notify_resume+0xa4/0x4b0\n __x64_sys_pread64+0x96/0xc0\n x64_sys_call+0x1c3d/0x20d0\n do_syscall_64+0x4d/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e30ccc38-382b-461d-89ff-3bb20c6fe98a.json b/objects/vulnerability/vulnerability--e30ccc38-382b-461d-89ff-3bb20c6fe98a.json new file mode 100644 index 00000000000..37cd9bbb56e --- /dev/null +++ b/objects/vulnerability/vulnerability--e30ccc38-382b-461d-89ff-3bb20c6fe98a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--172c5b6e-658e-4fc0-8d74-a1c8d839de4c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e30ccc38-382b-461d-89ff-3bb20c6fe98a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.613459Z", + "modified": "2024-12-30T00:22:03.613459Z", + "name": "CVE-2024-56544", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: change folios array from kmalloc to kvmalloc\n\nWhen PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine,\npage_alloc only support 4MB.\nIf above this, trigger this warn and return NULL.\n\nudmabuf can change size limit, if change it to 3072(3GB), and then alloc\n3GB udmabuf, will fail create.\n\n[ 4080.876581] ------------[ cut here ]------------\n[ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350\n[ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350\n[ 4080.879470] Call Trace:\n[ 4080.879473] \n[ 4080.879473] ? __alloc_pages+0x2c8/0x350\n[ 4080.879475] ? __warn.cold+0x8e/0xe8\n[ 4080.880647] ? __alloc_pages+0x2c8/0x350\n[ 4080.880909] ? report_bug+0xff/0x140\n[ 4080.881175] ? handle_bug+0x3c/0x80\n[ 4080.881556] ? exc_invalid_op+0x17/0x70\n[ 4080.881559] ? asm_exc_invalid_op+0x1a/0x20\n[ 4080.882077] ? udmabuf_create+0x131/0x400\n\nBecause MAX_PAGE_ORDER, kmalloc can max alloc 4096 * (1 << 10), 4MB\nmemory, each array entry is pointer(8byte), so can save 524288 pages(2GB).\n\nFurther more, costly order(order 3) may not be guaranteed that it can be\napplied for, due to fragmentation.\n\nThis patch change udmabuf array use kvmalloc_array, this can fallback\nalloc into vmalloc, which can guarantee allocation for any size and does\nnot affect the performance of kmalloc allocations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56544" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e428565d-93fd-4522-a2af-4f41127257d6.json b/objects/vulnerability/vulnerability--e428565d-93fd-4522-a2af-4f41127257d6.json new file mode 100644 index 00000000000..696e48e4835 --- /dev/null +++ b/objects/vulnerability/vulnerability--e428565d-93fd-4522-a2af-4f41127257d6.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2008e02-16f3-4aed-83b8-5a0a05272862", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e428565d-93fd-4522-a2af-4f41127257d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.430745Z", + "modified": "2024-12-30T00:22:03.430745Z", + "name": "CVE-2024-56635", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid potential UAF in default_operstate()\n\nsyzbot reported an UAF in default_operstate() [1]\n\nIssue is a race between device and netns dismantles.\n\nAfter calling __rtnl_unlock() from netdev_run_todo(),\nwe can not assume the netns of each device is still alive.\n\nMake sure the device is not in NETREG_UNREGISTERED state,\nand add an ASSERT_RTNL() before the call to\n__dev_get_by_index().\n\nWe might move this ASSERT_RTNL() in __dev_get_by_index()\nin the future.\n\n[1]\n\nBUG: KASAN: slab-use-after-free in __dev_get_by_index+0x5d/0x110 net/core/dev.c:852\nRead of size 8 at addr ffff888043eba1b0 by task syz.0.0/5339\n\nCPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n __dev_get_by_index+0x5d/0x110 net/core/dev.c:852\n default_operstate net/core/link_watch.c:51 [inline]\n rfc2863_policy+0x224/0x300 net/core/link_watch.c:67\n linkwatch_do_dev+0x3e/0x170 net/core/link_watch.c:170\n netdev_run_todo+0x461/0x1000 net/core/dev.c:10894\n rtnl_unlock net/core/rtnetlink.c:152 [inline]\n rtnl_net_unlock include/linux/rtnetlink.h:133 [inline]\n rtnl_dellink+0x760/0x8d0 
net/core/rtnetlink.c:3520\n rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2541\n netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347\n netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891\n sock_sendmsg_nosec net/socket.c:711 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:726\n ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583\n ___sys_sendmsg net/socket.c:2637 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2669\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2a3cb80809\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809\nRDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008\nRBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8\n \n\nAllocated by task 5339:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314\n kmalloc_noprof include/linux/slab.h:901 [inline]\n kmalloc_array_noprof include/linux/slab.h:945 [inline]\n netdev_create_hash net/core/dev.c:11870 [inline]\n netdev_init+0x10c/0x250 net/core/dev.c:11890\n ops_init+0x31e/0x590 net/core/net_namespace.c:138\n setup_net+0x287/0x9e0 net/core/net_namespace.c:362\n 
copy_net_ns+0x33f/0x570 net/core/net_namespace.c:500\n create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228\n ksys_unshare+0x57d/0xa70 kernel/fork.c:3314\n __do_sys_unshare kernel/fork.c:3385 [inline]\n __se_sys_unshare kernel/fork.c:3383 [inline]\n __x64_sys_unshare+0x38/0x40 kernel/fork.c:3383\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x8\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e44cb4a7-fe6e-4452-8995-704a5593e8d2.json b/objects/vulnerability/vulnerability--e44cb4a7-fe6e-4452-8995-704a5593e8d2.json new file mode 100644 index 00000000000..fce5ae18b8a --- /dev/null +++ b/objects/vulnerability/vulnerability--e44cb4a7-fe6e-4452-8995-704a5593e8d2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6d9b8b01-2296-44e5-8dd7-f4506d89818c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e44cb4a7-fe6e-4452-8995-704a5593e8d2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.428035Z", + "modified": "2024-12-30T00:22:03.428035Z", + "name": "CVE-2024-56656", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips\n\nThe 5760X (P7) chip's HW GRO/LRO interface is very similar to that of\nthe previous generation (5750X or P5). However, the aggregation ID\nfields in the completion structures on P7 have been redefined from\n16 bits to 12 bits. The freed up 4 bits are redefined for part of the\nmetadata such as the VLAN ID. The aggregation ID mask was not modified\nwhen adding support for P7 chips. Including the extra 4 bits for the\naggregation ID can potentially cause the driver to store or fetch the\npacket header of GRO/LRO packets in the wrong TPA buffer. It may hit\nthe BUG() condition in __skb_pull() because the SKB contains no valid\npacket header:\n\nkernel BUG at include/linux/skbuff.h:2766!\nOops: invalid opcode: 0000 1 PREEMPT SMP NOPTI\nCPU: 4 UID: 0 PID: 0 Comm: swapper/4 Kdump: loaded Tainted: G OE 6.12.0-rc2+ #7\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: Dell Inc. 
PowerEdge R760/0VRV9X, BIOS 1.0.1 12/27/2022\nRIP: 0010:eth_type_trans+0xda/0x140\nCode: 80 00 00 00 eb c1 8b 47 70 2b 47 74 48 8b 97 d0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb a5 <0f> 0b b8 00 01 00 00 eb 9c 48 85 ff 74 eb 31 f6 b9 02 00 00 00 48\nRSP: 0018:ff615003803fcc28 EFLAGS: 00010283\nRAX: 00000000000022d2 RBX: 0000000000000003 RCX: ff2e8c25da334040\nRDX: 0000000000000040 RSI: ff2e8c25c1ce8000 RDI: ff2e8c25869f9000\nRBP: ff2e8c258c31c000 R08: ff2e8c25da334000 R09: 0000000000000001\nR10: ff2e8c25da3342c0 R11: ff2e8c25c1ce89c0 R12: ff2e8c258e0990b0\nR13: ff2e8c25bb120000 R14: ff2e8c25c1ce89c0 R15: ff2e8c25869f9000\nFS: 0000000000000000(0000) GS:ff2e8c34be300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055f05317e4c8 CR3: 000000108bac6006 CR4: 0000000000773ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? die+0x33/0x90\n ? do_trap+0xd9/0x100\n ? eth_type_trans+0xda/0x140\n ? do_error_trap+0x65/0x80\n ? eth_type_trans+0xda/0x140\n ? exc_invalid_op+0x4e/0x70\n ? eth_type_trans+0xda/0x140\n ? asm_exc_invalid_op+0x16/0x20\n ? eth_type_trans+0xda/0x140\n bnxt_tpa_end+0x10b/0x6b0 [bnxt_en]\n ? bnxt_tpa_start+0x195/0x320 [bnxt_en]\n bnxt_rx_pkt+0x902/0xd90 [bnxt_en]\n ? __bnxt_tx_int.constprop.0+0x89/0x300 [bnxt_en]\n ? kmem_cache_free+0x343/0x440\n ? __bnxt_tx_int.constprop.0+0x24f/0x300 [bnxt_en]\n __bnxt_poll_work+0x193/0x370 [bnxt_en]\n bnxt_poll_p5+0x9a/0x300 [bnxt_en]\n ? try_to_wake_up+0x209/0x670\n __napi_poll+0x29/0x1b0\n\nFix it by redefining the aggregation ID mask for P5_PLUS chips to be\n12 bits. This will work because the maximum aggregation ID is less\nthan 4096 on all P5_PLUS chips.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56656" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e4cdd463-db3b-46d8-a3e9-486fde0c1cdc.json b/objects/vulnerability/vulnerability--e4cdd463-db3b-46d8-a3e9-486fde0c1cdc.json new file mode 100644 index 00000000000..6055269f3c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4cdd463-db3b-46d8-a3e9-486fde0c1cdc.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f1a25b5-a21d-4f09-89b7-89a76dbdf52a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4cdd463-db3b-46d8-a3e9-486fde0c1cdc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.437326Z", + "modified": "2024-12-30T00:22:03.437326Z", + "name": "CVE-2024-56669", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Remove cache tags before disabling ATS\n\nThe current implementation removes cache tags after disabling ATS,\nleading to potential memory leaks and kernel crashes. Specifically,\nCACHE_TAG_DEVTLB type cache tags may still remain in the list even\nafter the domain is freed, causing a use-after-free condition.\n\nThis issue really shows up when multiple VFs from different PFs\npassed through to a single user-space process via vfio-pci. In such\ncases, the kernel may crash with kernel messages like:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000014\n PGD 19036a067 P4D 1940a3067 PUD 136c9b067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 74 UID: 0 PID: 3183 Comm: testCli Not tainted 6.11.9 #2\n RIP: 0010:cache_tag_flush_range+0x9b/0x250\n Call Trace:\n \n ? __die+0x1f/0x60\n ? page_fault_oops+0x163/0x590\n ? exc_page_fault+0x72/0x190\n ? asm_exc_page_fault+0x22/0x30\n ? cache_tag_flush_range+0x9b/0x250\n ? cache_tag_flush_range+0x5d/0x250\n intel_iommu_tlb_sync+0x29/0x40\n intel_iommu_unmap_pages+0xfe/0x160\n __iommu_unmap+0xd8/0x1a0\n vfio_unmap_unpin+0x182/0x340 [vfio_iommu_type1]\n vfio_remove_dma+0x2a/0xb0 [vfio_iommu_type1]\n vfio_iommu_type1_ioctl+0xafa/0x18e0 [vfio_iommu_type1]\n\nMove cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix\nit.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56669" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e58c3b63-f12c-4fd5-8c6b-5adb5031e084.json b/objects/vulnerability/vulnerability--e58c3b63-f12c-4fd5-8c6b-5adb5031e084.json new file mode 100644 index 00000000000..14224b2a1b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--e58c3b63-f12c-4fd5-8c6b-5adb5031e084.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43252ed5-6479-4922-9824-28c9b53c1179", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e58c3b63-f12c-4fd5-8c6b-5adb5031e084", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.547418Z", + "modified": "2024-12-30T00:22:03.547418Z", + "name": "CVE-2024-56622", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: sysfs: Prevent div by zero\n\nPrevent a division by 0 when monitoring is not enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56622" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5d487b9-d5b3-47a2-8e69-c3583b907ccd.json b/objects/vulnerability/vulnerability--e5d487b9-d5b3-47a2-8e69-c3583b907ccd.json new file mode 100644 index 00000000000..464fbbf0bdb --- /dev/null +++ b/objects/vulnerability/vulnerability--e5d487b9-d5b3-47a2-8e69-c3583b907ccd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--218d3d4a-12e5-49c4-8f2d-d5897ddcfcd8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5d487b9-d5b3-47a2-8e69-c3583b907ccd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.366116Z", + "modified": "2024-12-30T00:22:02.366116Z", + "name": "CVE-2024-53168", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix one UAF issue caused by sunrpc kernel tcp socket\n\nBUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0\nRead of size 1 at addr ffff888111f322cd by task swapper/0/0\n\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1\nCall Trace:\n \n dump_stack_lvl+0x68/0xa0\n print_address_description.constprop.0+0x2c/0x3d0\n print_report+0xb4/0x270\n kasan_report+0xbd/0xf0\n tcp_write_timer_handler+0x156/0x3e0\n tcp_write_timer+0x66/0x170\n call_timer_fn+0xfb/0x1d0\n __run_timers+0x3f8/0x480\n run_timer_softirq+0x9b/0x100\n handle_softirqs+0x153/0x390\n __irq_exit_rcu+0x103/0x120\n irq_exit_rcu+0xe/0x20\n sysvec_apic_timer_interrupt+0x76/0x90\n \n \n asm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:default_idle+0xf/0x20\nCode: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90\n 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 c3 cc cc cc\n cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90\nRSP: 0018:ffffffffa2007e28 EFLAGS: 00000242\nRAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f\nRBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d\nR10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000\nR13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0\n default_idle_call+0x6b/0xa0\n cpuidle_idle_call+0x1af/0x1f0\n 
do_idle+0xbc/0x130\n cpu_startup_entry+0x33/0x40\n rest_init+0x11f/0x210\n start_kernel+0x39a/0x420\n x86_64_start_reservations+0x18/0x30\n x86_64_start_kernel+0x97/0xa0\n common_startup_64+0x13e/0x141\n \n\nAllocated by task 595:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x87/0x90\n kmem_cache_alloc_noprof+0x12b/0x3f0\n copy_net_ns+0x94/0x380\n create_new_namespaces+0x24c/0x500\n unshare_nsproxy_namespaces+0x75/0xf0\n ksys_unshare+0x24e/0x4f0\n __x64_sys_unshare+0x1f/0x30\n do_syscall_64+0x70/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 100:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x54/0x70\n kmem_cache_free+0x156/0x5d0\n cleanup_net+0x5d3/0x670\n process_one_work+0x776/0xa90\n worker_thread+0x2e2/0x560\n kthread+0x1a8/0x1f0\n ret_from_fork+0x34/0x60\n ret_from_fork_asm+0x1a/0x30\n\nReproduction script:\n\nmkdir -p /mnt/nfsshare\nmkdir -p /mnt/nfs/netns_1\nmkfs.ext4 /dev/sdb\nmount /dev/sdb /mnt/nfsshare\nsystemctl restart nfs-server\nchmod 777 /mnt/nfsshare\nexportfs -i -o rw,no_root_squash *:/mnt/nfsshare\n\nip netns add netns_1\nip link add name veth_1_peer type veth peer veth_1\nifconfig veth_1_peer 11.11.0.254 up\nip link set veth_1 netns netns_1\nip netns exec netns_1 ifconfig veth_1 11.11.0.1\n\nip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \\\n\t--tcp-flags FIN FIN -j DROP\n\n(note: In my environment, a DESTROY_CLIENTID operation is always sent\n immediately, breaking the nfs tcp connection.)\nip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \\\n\t11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1\n\nip netns del netns_1\n\nThe reason here is that the tcp socket in netns_1 (nfs side) has been\nshutdown and closed (done in xs_destroy), but the FIN message (with ack)\nis discarded, and the nfsd side keeps sending retransmission messages.\nAs a result, when the tcp sock in netns_1 processes 
the received message,\nit sends the message (FIN message) in the sending queue, and the tcp timer\nis re-established. When the network namespace is deleted, the net structure\naccessed by tcp's timer handler function causes problems.\n\nTo fix this problem, let's hold netns refcnt for the tcp kernel socket as\ndone in other modules. This is an ugly hack which can easily be backported\nto earlier kernels. A proper fix which cleans up the interfaces will\nfollow, but may not be so easy to backport.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53168" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6a7ebf0-0dd9-4e91-8b18-985ffde427f7.json b/objects/vulnerability/vulnerability--e6a7ebf0-0dd9-4e91-8b18-985ffde427f7.json new file mode 100644 index 00000000000..d47bf7110c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6a7ebf0-0dd9-4e91-8b18-985ffde427f7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee8f66c7-5c93-48ac-9649-122970d1451e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6a7ebf0-0dd9-4e91-8b18-985ffde427f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.616986Z", + "modified": "2024-12-30T00:22:03.616986Z", + "name": "CVE-2024-56631", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Fix slab-use-after-free read in sg_release()\n\nFix a use-after-free bug in sg_release(), detected by syzbot with KASAN:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30\nkernel/locking/lockdep.c:5838\n__mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912\nsg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407\n\nIn sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is\ncalled before releasing the open_rel_lock mutex. The kref_put() call may\ndecrement the reference count of sfp to zero, triggering its cleanup\nthrough sg_remove_sfp(). This cleanup includes scheduling deferred work\nvia sg_remove_sfp_usercontext(), which ultimately frees sfp.\n\nAfter kref_put(), sg_release() continues to unlock open_rel_lock and may\nreference sfp or sdp. If sfp has already been freed, this results in a\nslab-use-after-free error.\n\nMove the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the\nopen_rel_lock mutex. This ensures:\n\n - No references to sfp or sdp occur after the reference count is\n decremented.\n\n - Cleanup functions such as sg_remove_sfp() and\n sg_remove_sfp_usercontext() can safely execute without impacting the\n mutex handling in sg_release().\n\nThe fix has been tested and validated by syzbot. 
This patch closes the\nbug reported at the following syzkaller link and ensures proper\nsequencing of resource cleanup and mutex operations, eliminating the\nrisk of use-after-free errors in sg_release().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e74914d8-35be-4fc8-8c97-ae8c59a494c8.json b/objects/vulnerability/vulnerability--e74914d8-35be-4fc8-8c97-ae8c59a494c8.json new file mode 100644 index 00000000000..830d9d5df8c --- /dev/null +++ b/objects/vulnerability/vulnerability--e74914d8-35be-4fc8-8c97-ae8c59a494c8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ff115bf-6289-4f9d-9794-30e8b93f3e1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e74914d8-35be-4fc8-8c97-ae8c59a494c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.513625Z", + "modified": "2024-12-30T00:22:03.513625Z", + "name": "CVE-2024-56638", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_inner: incorrect percpu area handling under softirq\n\nSoftirq can interrupt ongoing packet from process context that is\nwalking over the percpu area that contains inner header offsets.\n\nDisable bh and perform three checks before restoring the percpu inner\nheader offsets to validate that the percpu area is valid for this\nskbuff:\n\n1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff\n has already been parsed before for inner header fetching to\n register.\n\n2) Validate that the percpu area refers to this skbuff using the\n skbuff pointer as a cookie. If there is a cookie mismatch, then\n this skbuff needs to be parsed again.\n\n3) Finally, validate if the percpu area refers to this tunnel type.\n\nOnly after these three checks the percpu area is restored to a on-stack\ncopy and bh is enabled again.\n\nAfter inner header fetching, the on-stack copy is stored back to the\npercpu area.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e7f3a344-3d06-4db6-8332-e21af272cd7e.json b/objects/vulnerability/vulnerability--e7f3a344-3d06-4db6-8332-e21af272cd7e.json new file mode 100644 index 00000000000..200ee247fcf --- /dev/null +++ b/objects/vulnerability/vulnerability--e7f3a344-3d06-4db6-8332-e21af272cd7e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8bd685a0-42cf-4a1a-9138-52d778a82260", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e7f3a344-3d06-4db6-8332-e21af272cd7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.567791Z", + "modified": "2024-12-30T00:22:03.567791Z", + "name": "CVE-2024-56597", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix shift-out-of-bounds in dbSplit\n\nWhen dmt_budmin is less than zero, it causes errors\nin the later stages. Added a check to return an error beforehand\nin dbAllocCtl itself.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e801afd5-b8de-4c7b-8692-87db7f213d2e.json b/objects/vulnerability/vulnerability--e801afd5-b8de-4c7b-8692-87db7f213d2e.json new file mode 100644 index 00000000000..92b0c681984 --- /dev/null +++ b/objects/vulnerability/vulnerability--e801afd5-b8de-4c7b-8692-87db7f213d2e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14b511c5-df08-4f2b-8d89-4043b00a569d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e801afd5-b8de-4c7b-8692-87db7f213d2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:16.860437Z", + "modified": "2024-12-30T00:22:16.860437Z", + "name": "CVE-2020-9236", + "description": "There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010)\n\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2020-9236" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e80d41b0-7c90-4496-9f7b-a7e55379bef0.json b/objects/vulnerability/vulnerability--e80d41b0-7c90-4496-9f7b-a7e55379bef0.json new file mode 100644 index 00000000000..4deb81c399c --- /dev/null +++ b/objects/vulnerability/vulnerability--e80d41b0-7c90-4496-9f7b-a7e55379bef0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--670ca398-4bc6-4347-a07f-b346f82e9dcb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e80d41b0-7c90-4496-9f7b-a7e55379bef0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:06.848613Z", + "modified": "2024-12-30T00:22:06.848613Z", + "name": "CVE-2021-37000", + "description": "Some Huawei wearables have a permission management vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-37000" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e818dac8-ea31-43db-8c20-da1d98b98175.json b/objects/vulnerability/vulnerability--e818dac8-ea31-43db-8c20-da1d98b98175.json new file mode 100644 index 00000000000..2a9095ef2d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e818dac8-ea31-43db-8c20-da1d98b98175.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--416a9636-8d9b-43bd-8b93-e17263a08ef8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e818dac8-ea31-43db-8c20-da1d98b98175", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.954121Z", + "modified": "2024-12-30T00:22:03.954121Z", + "name": "CVE-2024-13012", + "description": "A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e92fd9a9-7432-4d5b-b98e-44c94985cc11.json b/objects/vulnerability/vulnerability--e92fd9a9-7432-4d5b-b98e-44c94985cc11.json new file mode 100644 index 00000000000..7b38b6e78d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e92fd9a9-7432-4d5b-b98e-44c94985cc11.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85278f5c-580b-4e67-a33e-d3d8d7742a19", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e92fd9a9-7432-4d5b-b98e-44c94985cc11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.481652Z", + "modified": "2024-12-30T00:22:03.481652Z", + "name": "CVE-2024-56668", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix qi_batch NULL pointer with nested parent domain\n\nThe qi_batch is allocated when assigning cache tag for a domain. While\nfor nested parent domain, it is missed. Hence, when trying to map pages\nto the nested parent, NULL dereference occurred. Also, there is potential\nmemleak since there is no lock around domain->qi_batch allocation.\n\nTo solve it, add a helper for qi_batch allocation, and call it in both\nthe __cache_tag_assign_domain() and __cache_tag_assign_parent_domain().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000200\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 8104795067 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632\n Call Trace:\n ? __die+0x24/0x70\n ? page_fault_oops+0x80/0x150\n ? do_user_addr_fault+0x63/0x7b0\n ? exc_page_fault+0x7c/0x220\n ? asm_exc_page_fault+0x26/0x30\n ? cache_tag_flush_range_np+0x13c/0x260\n intel_iommu_iotlb_sync_map+0x1a/0x30\n iommu_map+0x61/0xf0\n batch_to_domain+0x188/0x250\n iopt_area_fill_domains+0x125/0x320\n ? 
rcu_is_watching+0x11/0x50\n iopt_map_pages+0x63/0x100\n iopt_map_common.isra.0+0xa7/0x190\n iopt_map_user_pages+0x6a/0x80\n iommufd_ioas_map+0xcd/0x1d0\n iommufd_fops_ioctl+0x118/0x1c0\n __x64_sys_ioctl+0x93/0xc0\n do_syscall_64+0x71/0x140\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56668" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9ebb240-dd81-4463-9285-95a34c8cca57.json b/objects/vulnerability/vulnerability--e9ebb240-dd81-4463-9285-95a34c8cca57.json new file mode 100644 index 00000000000..207d159d270 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9ebb240-dd81-4463-9285-95a34c8cca57.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad27d8d5-ec12-4427-8273-b91d5c363eea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9ebb240-dd81-4463-9285-95a34c8cca57", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.429733Z", + "modified": "2024-12-30T00:22:03.429733Z", + "name": "CVE-2024-56562", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()\n\nif (dev->boardinfo && dev->boardinfo->init_dyn_addr)\n ^^^ here check \"init_dyn_addr\"\n\ti3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...)\n\t\t\t\t\t\t ^^^^\n\t\t\t\t\t\t\tfree \"dyn_addr\"\nFix copy/paste error \"dyn_addr\" by replacing it with \"init_dyn_addr\".", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56562" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9fd27fc-7e7f-41e1-9306-0ecc5ab1ba9f.json b/objects/vulnerability/vulnerability--e9fd27fc-7e7f-41e1-9306-0ecc5ab1ba9f.json new file mode 100644 index 00000000000..f102125f01d --- /dev/null 
+++ b/objects/vulnerability/vulnerability--e9fd27fc-7e7f-41e1-9306-0ecc5ab1ba9f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--150abab6-41d5-481d-83b2-1e09c3fdb71d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9fd27fc-7e7f-41e1-9306-0ecc5ab1ba9f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.950926Z", + "modified": "2024-12-30T00:22:03.950926Z", + "name": "CVE-2024-13021", + "description": "A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13021" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea77bbf2-e59d-498a-9785-d1e4a4583fa2.json b/objects/vulnerability/vulnerability--ea77bbf2-e59d-498a-9785-d1e4a4583fa2.json new file mode 100644 index 00000000000..51d034cd6e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea77bbf2-e59d-498a-9785-d1e4a4583fa2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf628c14-d234-4a94-90d1-73d5814b3ee6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea77bbf2-e59d-498a-9785-d1e4a4583fa2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.38885Z", + "modified": "2024-12-30T00:22:03.38885Z", + "name": "CVE-2024-56585", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Fix sleeping in atomic context for PREEMPT_RT\n\nCommit bab1c299f3945ffe79 (\"LoongArch: Fix sleeping in atomic context in\nsetup_tlb_handler()\") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC\nfor alloc_pages_node(). However, for PREEMPT_RT kernels we can still get\na \"sleeping in atomic context\" error:\n\n[ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n[ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n[ 0.372268] preempt_count: 1, expected: 0\n[ 0.372270] RCU nest depth: 1, expected: 1\n[ 0.372272] 3 locks held by swapper/1/0:\n[ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60\n[ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140\n[ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0\n[ 0.372314] irq event stamp: 0\n[ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0\n[ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0\n[ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0\n[ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0\n[ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891\n[ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS 
vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022\n[ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000\n[ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788\n[ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001\n[ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0\n[ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003\n[ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003\n[ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004\n[ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000\n[ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000\n[ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000\n[ 0.372537] ...\n[ 0.372540] Call Trace:\n[ 0.372542] [<9000000005924778>] show_stack+0x38/0x180\n[ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4\n[ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260\n[ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140\n[ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0\n[ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60\n[ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820\n[ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298\n[ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140\n[ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60\n[ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0\n[ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c\n\nThis is because in PREEMPT_RT kernels normal spinlocks are replaced by\nrt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling\nNUMA optimization completely for PREEMPT_RT kernels.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56585" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ec1aabef-08a0-4b97-ae5c-e772b7b84a86.json b/objects/vulnerability/vulnerability--ec1aabef-08a0-4b97-ae5c-e772b7b84a86.json new file mode 100644 index 00000000000..c6c4afe0bd9 --- /dev/null +++ b/objects/vulnerability/vulnerability--ec1aabef-08a0-4b97-ae5c-e772b7b84a86.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80b7e2e6-be88-4022-9c34-7bc6f8e44f7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec1aabef-08a0-4b97-ae5c-e772b7b84a86", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.405767Z", + "modified": "2024-12-30T00:22:02.405767Z", + "name": "CVE-2024-53210", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()\n\nPassing MSG_PEEK flag to skb_recv_datagram() increments skb refcount\n(skb->users) and iucv_sock_recvmsg() does not decrement skb refcount\nat exit.\nThis results in skb memory leak in skb_queue_purge() and WARN_ON in\niucv_sock_destruct() during socket close. To fix this decrease\nskb refcount by one if MSG_PEEK is set in order to prevent memory\nleak and WARN_ON.\n\nWARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv]\nCPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1\nHardware name: IBM 3931 A01 704 (z/VM 7.3.0)\nCall Trace:\n [<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv]\n [<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv]\n [<001587c704117a32>] __sk_destruct+0x52/0x550\n [<001587c704104a54>] __sock_release+0xa4/0x230\n [<001587c704104c0c>] sock_close+0x2c/0x40\n [<001587c702c5f5a8>] __fput+0x2e8/0x970\n [<001587c7024148c4>] task_work_run+0x1c4/0x2c0\n [<001587c7023b0716>] do_exit+0x996/0x1050\n [<001587c7023b13aa>] do_group_exit+0x13a/0x360\n [<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60\n [<001587c7022bccca>] do_syscall+0x27a/0x380\n [<001587c7049a6a0c>] __do_syscall+0x9c/0x160\n [<001587c7049ce8a8>] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv]", + "external_references": [ + { + "source_name": "cve", + "external_id": 
"CVE-2024-53210" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee917918-2cbf-41a1-9767-49769100d757.json b/objects/vulnerability/vulnerability--ee917918-2cbf-41a1-9767-49769100d757.json new file mode 100644 index 00000000000..69f31d1b9fb --- /dev/null +++ b/objects/vulnerability/vulnerability--ee917918-2cbf-41a1-9767-49769100d757.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b4ffcda2-304b-4b03-851d-7fb94329bf03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ee917918-2cbf-41a1-9767-49769100d757", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.439283Z", + "modified": "2024-12-30T00:22:03.439283Z", + "name": "CVE-2024-56663", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one\n\nSince the netlink attribute range validation provides inclusive\nchecking, the *max* of attribute NL80211_ATTR_MLO_LINK_ID should be\nIEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an off-by-one.\n\nOne crash stack for demonstration:\n==================================================================\nBUG: KASAN: wild-memory-access in ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939\nRead of size 6 at addr 001102080000000c by task fuzzer.386/9508\n\nCPU: 1 PID: 9508 Comm: syz.1.386 Not tainted 6.1.70 #2\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_report+0xe0/0x750 mm/kasan/report.c:398\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n kasan_check_range+0x287/0x290 mm/kasan/generic.c:189\n memcpy+0x25/0x60 mm/kasan/shadow.c:65\n ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939\n rdev_tx_control_port net/wireless/rdev-ops.h:761 [inline]\n nl80211_tx_control_port+0x7b3/0xc40 net/wireless/nl80211.c:15453\n genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756\n genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]\n genl_rcv_msg+0x539/0x740 net/netlink/genetlink.c:850\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n genl_rcv+0x24/0x40 net/netlink/genetlink.c:861\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n 
netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUpdate the policy to ensure correct validation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56663" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0ace79d-1b61-41c5-8420-d8aff6f48673.json b/objects/vulnerability/vulnerability--f0ace79d-1b61-41c5-8420-d8aff6f48673.json new file mode 100644 index 00000000000..39c9c79785a --- /dev/null +++ b/objects/vulnerability/vulnerability--f0ace79d-1b61-41c5-8420-d8aff6f48673.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--819fb6c2-7d04-4294-99d3-c49a67a9006e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0ace79d-1b61-41c5-8420-d8aff6f48673", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.47529Z", + "modified": "2024-12-30T00:22:03.47529Z", + "name": "CVE-2024-56654", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix using rcu_read_(un)lock while iterating\n\nThe usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is\nnot safe since for the most part entries fetched this way shall be\ntreated as rcu_dereference:\n\n\tNote that the value returned by rcu_dereference() is valid\n\tonly within the enclosing RCU read-side critical section [1]_.\n\tFor example, the following is **not** legal::\n\n\t\trcu_read_lock();\n\t\tp = rcu_dereference(head.next);\n\t\trcu_read_unlock();\n\t\tx = p->address;\t/* BUG!!! */\n\t\trcu_read_lock();\n\t\ty = p->data;\t/* BUG!!! */\n\t\trcu_read_unlock();", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56654" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1fbc60f-1026-4c74-9d41-0cad36cd472d.json b/objects/vulnerability/vulnerability--f1fbc60f-1026-4c74-9d41-0cad36cd472d.json new file mode 100644 index 00000000000..6f3ebe2526f --- /dev/null +++ b/objects/vulnerability/vulnerability--f1fbc60f-1026-4c74-9d41-0cad36cd472d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d8ddea-73e8-4a68-902c-44cb31b46e06", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1fbc60f-1026-4c74-9d41-0cad36cd472d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.578901Z", + "modified": "2024-12-30T00:22:03.578901Z", + "name": "CVE-2024-56592", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Call free_htab_elem() after htab_unlock_bucket()\n\nFor htab of maps, when the map is removed from the htab, it may hold the\nlast reference of the map. bpf_map_fd_put_ptr() will invoke\nbpf_map_free_id() to free the id of the removed map element. However,\nbpf_map_fd_put_ptr() is invoked while holding a bucket lock\n(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock\n(spinlock_t), triggering the following lockdep warning:\n\n =============================\n [ BUG: Invalid wait context ]\n 6.11.0-rc4+ #49 Not tainted\n -----------------------------\n test_maps/4881 is trying to lock:\n ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70\n other info that might help us debug this:\n context-{5:5}\n 2 locks held by test_maps/4881:\n #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270\n #1: ffff888149ced148 (&htab->lockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80\n stack backtrace:\n CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...\n Call Trace:\n \n dump_stack_lvl+0x6e/0xb0\n dump_stack+0x10/0x20\n __lock_acquire+0x73e/0x36c0\n lock_acquire+0x182/0x450\n _raw_spin_lock_irqsave+0x43/0x70\n bpf_map_free_id.part.0+0x21/0x70\n bpf_map_put+0xcf/0x110\n bpf_map_fd_put_ptr+0x9a/0xb0\n free_htab_elem+0x69/0xe0\n htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n 
htab_map_update_elem+0x50f/0xa80\n bpf_fd_htab_map_update_elem+0x131/0x270\n bpf_map_update_value+0x266/0x380\n __sys_bpf+0x21bb/0x36b0\n __x64_sys_bpf+0x45/0x60\n x64_sys_call+0x1b2a/0x20d0\n do_syscall_64+0x5d/0x100\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nOne way to fix the lockdep warning is using raw_spinlock_t for\nmap_idr_lock as well. However, bpf_map_alloc_id() invokes\nidr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a\nsimilar lockdep warning because the slab's lock (s->cpu_slab->lock) is\nstill a spinlock.\n\nInstead of changing map_idr_lock's type, fix the issue by invoking\nhtab_put_fd_value() after htab_unlock_bucket(). However, only deferring\nthe invocation of htab_put_fd_value() is not enough, because the old map\npointers in htab of maps can not be saved during batched deletion.\nTherefore, also defer the invocation of free_htab_elem(), so these\nto-be-freed elements could be linked together similar to lru map.\n\nThere are four callers for ->map_fd_put_ptr:\n\n(1) alloc_htab_elem() (through htab_put_fd_value())\nIt invokes ->map_fd_put_ptr() under a raw_spinlock_t. The invocation of\nhtab_put_fd_value() can not simply move after htab_unlock_bucket(),\nbecause the old element has already been stashed in htab->extra_elems.\nIt may be reused immediately after htab_unlock_bucket() and the\ninvocation of htab_put_fd_value() after htab_unlock_bucket() may release\nthe newly-added element incorrectly. Therefore, saving the map pointer\nof the old element for htab of maps before unlocking the bucket and\nreleasing the map_ptr after unlock. Beside the map pointer in the old\nelement, should do the same thing for the special fields in the old\nelement as well.\n\n(2) free_htab_elem() (through htab_put_fd_value())\nIts caller includes __htab_map_lookup_and_delete_elem(),\nhtab_map_delete_elem() and __htab_map_lookup_and_delete_batch().\n\nFor htab_map_delete_elem(), simply invoke free_htab_elem() after\nhtab_unlock_bucket(). 
For __htab_map_lookup_and_delete_batch(), just\nlike lru map, linking the to-be-freed element into node_to_free list\nand invoking free_htab_elem() for these element after unlock. It is safe\nto reuse batch_flink as the link for node_to_free, because these\nelements have been removed from the hash llist.\n\nBecause htab of maps doesn't support lookup_and_delete operation,\n__htab_map_lookup_and_delete_elem() doesn't have the problem, so kept\nit as\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56592" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2577b30-7912-4048-a4da-807f0cddb2f4.json b/objects/vulnerability/vulnerability--f2577b30-7912-4048-a4da-807f0cddb2f4.json new file mode 100644 index 00000000000..e7767c39769 --- /dev/null +++ b/objects/vulnerability/vulnerability--f2577b30-7912-4048-a4da-807f0cddb2f4.json 
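Review bot: The `description` of the CVE-2024-56592 object ends in `---truncated---`, so the stored text stops partway through its list of `->map_fd_put_ptr` callers and a consumer reading only this object does not get the full fix rationale. The `external_references` entry carries only `source_name` and `external_id`. Adding a `url` member that points at the authoritative record, e.g. `"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"`, would let tooling and analysts reach the complete text. Whether the cut happens upstream or in the import step is not visible here; if it is the import step, the length limit should be documented where the objects are generated.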
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4a8bbac-92d1-4228-a435-444029e64f0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2577b30-7912-4048-a4da-807f0cddb2f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.403867Z", + "modified": "2024-12-30T00:22:03.403867Z", + "name": "CVE-2024-56611", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM\n\nWe currently assume that there is at least one VMA in a MM, which isn't\ntrue.\n\nSo we might end up having find_vma() return NULL, to then de-reference\nNULL. So properly handle find_vma() returning NULL.\n\nThis fixes the report:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nRIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline]\nRIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194\nCode: ...\nRSP: 0018:ffffc9000375fd08 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000\nRDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044\nRBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1\nR10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003\nR13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8\nFS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 
DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709\n __do_sys_migrate_pages mm/mempolicy.c:1727 [inline]\n __se_sys_migrate_pages mm/mempolicy.c:1723 [inline]\n __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[akpm@linux-foundation.org: add unlikely()]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56611" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f2ec38bb-c601-4cc9-95ce-0b18d3b16ce5.json b/objects/vulnerability/vulnerability--f2ec38bb-c601-4cc9-95ce-0b18d3b16ce5.json new file mode 100644 index 00000000000..a43e640871a --- /dev/null +++ b/objects/vulnerability/vulnerability--f2ec38bb-c601-4cc9-95ce-0b18d3b16ce5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dae19275-ce5f-425a-8484-0da3a6c18141", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f2ec38bb-c601-4cc9-95ce-0b18d3b16ce5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.761339Z", + "modified": "2024-12-30T00:22:03.761339Z", + "name": "CVE-2024-46973", + "description": "Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46973" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3448fee-65fe-4b1a-8ab7-50896fc64774.json b/objects/vulnerability/vulnerability--f3448fee-65fe-4b1a-8ab7-50896fc64774.json new file mode 100644 index 00000000000..e3d8d866e02 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3448fee-65fe-4b1a-8ab7-50896fc64774.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71569283-8f51-43f2-88ef-9b59ead7c5d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3448fee-65fe-4b1a-8ab7-50896fc64774", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.448316Z", + "modified": "2024-12-30T00:22:03.448316Z", + "name": "CVE-2024-56645", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: j1939_session_new(): fix skb reference counting\n\nSince j1939_session_skb_queue() does an extra skb_get() for each new\nskb, do the same for the initial one in j1939_session_new() to avoid\nrefcount underflow.\n\n[mkl: clean up commit message]", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56645" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3d774f2-ae2e-49a8-a010-ba29c8d6c0ce.json b/objects/vulnerability/vulnerability--f3d774f2-ae2e-49a8-a010-ba29c8d6c0ce.json new file mode 100644 index 00000000000..cd683d868a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--f3d774f2-ae2e-49a8-a010-ba29c8d6c0ce.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5774643a-b4d3-434e-8b0b-09bdb67b4c1a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3d774f2-ae2e-49a8-a010-ba29c8d6c0ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.443063Z", + "modified": "2024-12-30T00:22:02.443063Z", + "name": "CVE-2024-53178", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Don't leak cfid when reconnect races with open_cached_dir\n\nopen_cached_dir() may either race with the tcon reconnection even before\ncompound_send_recv() or directly trigger a reconnection via\nSMB2_open_init() or SMB_query_info_init().\n\nThe reconnection process invokes invalidate_all_cached_dirs() via\ncifs_mark_open_files_invalid(), which removes all cfids from the\ncfids->entries list but doesn't drop a ref if has_lease isn't true. This\nresults in the currently-being-constructed cfid not being on the list,\nbut still having a refcount of 2. 
It leaks if returned from\nopen_cached_dir().\n\nFix this by setting cfid->has_lease when the ref is actually taken; the\ncfid will not be used by other threads until it has a valid time.\n\nAddresses these kmemleaks:\n\nunreferenced object 0xffff8881090c4000 (size 1024):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 32 bytes):\n 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........\".......\n 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E\"......O.....\n backtrace (crc 6f58c20f):\n [] __kmalloc_cache_noprof+0x2be/0x350\n [] open_cached_dir+0x993/0x1fb0\n [] cifs_readdir+0x15a0/0x1d50\n [] iterate_dir+0x28f/0x4b0\n [] __x64_sys_getdents64+0xfd/0x200\n [] do_syscall_64+0x95/0x1a0\n [] entry_SYSCALL_64_after_hwframe+0x76/0x7e\nunreferenced object 0xffff8881044fdcf8 (size 8):\n comm \"bash\", pid 1860, jiffies 4295126592\n hex dump (first 8 bytes):\n 00 cc cc cc cc cc cc cc ........\n backtrace (crc 10c106a9):\n [] __kmalloc_node_track_caller_noprof+0x363/0x480\n [] kstrdup+0x36/0x60\n [] open_cached_dir+0x9b0/0x1fb0\n [] cifs_readdir+0x15a0/0x1d50\n [] iterate_dir+0x28f/0x4b0\n [] __x64_sys_getdents64+0xfd/0x200\n [] do_syscall_64+0x95/0x1a0\n [] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nAnd addresses these BUG splats when unmounting the SMB filesystem:\n\nBUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs]\nWARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100\nModules linked in:\nCPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49\nHardware name: VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020\nRIP: 0010:umount_check+0xd0/0x100\nCode: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff <0f> 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41\nRSP: 0018:ffff88811cc27978 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40\nRBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3\nR10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08\nR13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0\nFS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0\nCall Trace:\n \n d_walk+0x6a/0x530\n shrink_dcache_for_umount+0x6a/0x200\n generic_shutdown_super+0x52/0x2a0\n kill_anon_super+0x22/0x40\n cifs_kill_sb+0x159/0x1e0\n deactivate_locked_super+0x66/0xe0\n cleanup_mnt+0x140/0x210\n task_work_run+0xfb/0x170\n syscall_exit_to_user_mode+0x29f/0x2b0\n do_syscall_64+0xa1/0x1a0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f23bfb93ae7\nCode: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 \n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f3d7831c-1217-4521-8eb4-6859ee7a02e9.json b/objects/vulnerability/vulnerability--f3d7831c-1217-4521-8eb4-6859ee7a02e9.json new file mode 100644 index 00000000000..618d58396ca --- /dev/null +++ b/objects/vulnerability/vulnerability--f3d7831c-1217-4521-8eb4-6859ee7a02e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93ff671e-84b6-4cc2-95c3-12c05ef0e534", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f3d7831c-1217-4521-8eb4-6859ee7a02e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.409737Z", + "modified": "2024-12-30T00:22:03.409737Z", + "name": "CVE-2024-56599", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: avoid NULL pointer error during sdio remove\n\nWhen running 'rmmod ath10k', ath10k_sdio_remove() will free sdio\nworkqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON\nis set to yes, kernel panic will happen:\nCall trace:\n destroy_workqueue+0x1c/0x258\n ath10k_sdio_remove+0x84/0x94\n sdio_bus_remove+0x50/0x16c\n device_release_driver_internal+0x188/0x25c\n device_driver_detach+0x20/0x2c\n\nThis is because during 'rmmod ath10k', ath10k_sdio_remove() will call\nath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release()\nwill finally be called in ath10k_core_destroy(). This function will free\nstruct cfg80211_registered_device *rdev and all its members, including\nwiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio\nworkqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON.\n\nAfter device release, destroy_workqueue() will use NULL pointer then the\nkernel panic happen.\n\nCall trace:\nath10k_sdio_remove\n ->ath10k_core_unregister\n ……\n ->ath10k_core_stop\n ->ath10k_hif_stop\n ->ath10k_sdio_irq_disable\n ->ath10k_hif_power_down\n ->del_timer_sync(&ar_sdio->sleep_timer)\n ->ath10k_core_destroy\n ->ath10k_mac_destroy\n ->ieee80211_free_hw\n ->wiphy_free\n ……\n ->wiphy_dev_release\n ->destroy_workqueue\n\nNeed to call destroy_workqueue() before ath10k_core_destroy(), free\nthe work queue buffer first and then free pointer of work queue by\nath10k_core_destroy(). 
This order matches the error path order in\nath10k_sdio_probe().\n\nNo work will be queued on sdio workqueue between it is destroyed and\nath10k_core_destroy() is called. Based on the call_stack above, the\nreason is:\nOnly ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and\nath10k_sdio_irq_disable() will queue work on sdio workqueue.\nSleep timer will be deleted before ath10k_core_destroy() in\nath10k_hif_power_down().\nath10k_sdio_irq_disable() only be called in ath10k_hif_stop().\nath10k_core_unregister() will call ath10k_hif_power_down() to stop hif\nbus, so ath10k_sdio_hif_tx_sg() won't be called anymore.\n\nTested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f42a0529-db32-415f-a11b-d64b45eeded8.json b/objects/vulnerability/vulnerability--f42a0529-db32-415f-a11b-d64b45eeded8.json new file mode 100644 index 00000000000..04faeec8a0c --- /dev/null +++ b/objects/vulnerability/vulnerability--f42a0529-db32-415f-a11b-d64b45eeded8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b65bee56-a9fb-4ddd-a596-77d9f72156f9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f42a0529-db32-415f-a11b-d64b45eeded8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.380609Z", + "modified": "2024-12-30T00:22:02.380609Z", + "name": "CVE-2024-53190", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures\n\nSyzkaller reported a hung task with uevent_show() on stack trace. That\nspecific issue was addressed by another commit [0], but even with that\nfix applied (for example, running v6.12-rc5) we face another type of hung\ntask that comes from the same reproducer [1]. By investigating that, we\ncould narrow it to the following path:\n\n(a) Syzkaller emulates a Realtek USB WiFi adapter using raw-gadget and\ndummy_hcd infrastructure.\n\n(b) During the probe of rtl8192cu, the driver ends-up performing an efuse\nread procedure (which is related to EEPROM load IIUC), and here lies the\nissue: the function read_efuse() calls read_efuse_byte() many times, as\nloop iterations depending on the efuse size (in our example, 512 in total).\n\nThis procedure for reading efuse bytes relies in a loop that performs an\nI/O read up to *10k* times in case of failures. We measured the time of\nthe loop inside read_efuse_byte() alone, and in this reproducer (which\ninvolves the dummy_hcd emulation layer), it takes 15 seconds each. 
As a\nconsequence, we have the driver stuck in its probe routine for big time,\nexposing a stack trace like below if we attempt to reboot the system, for\nexample:\n\ntask:kworker/0:3 state:D stack:0 pid:662 tgid:662 ppid:2 flags:0x00004000\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n __schedule+0xe22/0xeb6\n schedule_timeout+0xe7/0x132\n __wait_for_common+0xb5/0x12e\n usb_start_wait_urb+0xc5/0x1ef\n ? usb_alloc_urb+0x95/0xa4\n usb_control_msg+0xff/0x184\n _usbctrl_vendorreq_sync+0xa0/0x161\n _usb_read_sync+0xb3/0xc5\n read_efuse_byte+0x13c/0x146\n read_efuse+0x351/0x5f0\n efuse_read_all_map+0x42/0x52\n rtl_efuse_shadow_map_update+0x60/0xef\n rtl_get_hwinfo+0x5d/0x1c2\n rtl92cu_read_eeprom_info+0x10a/0x8d5\n ? rtl92c_read_chip_version+0x14f/0x17e\n rtl_usb_probe+0x323/0x851\n usb_probe_interface+0x278/0x34b\n really_probe+0x202/0x4a4\n __driver_probe_device+0x166/0x1b2\n driver_probe_device+0x2f/0xd8\n [...]\n\nWe propose hereby to drastically reduce the attempts of doing the I/O\nreads in case of failures, restricted to USB devices (given that\nthey're inherently slower than PCIe ones). By retrying up to 10 times\n(instead of 10000), we got reponsiveness in the reproducer, while seems\nreasonable to believe that there's no sane USB device implementation in\nthe field requiring this amount of retries at every I/O read in order\nto properly work. Based on that assumption, it'd be good to have it\nbackported to stable but maybe not since driver implementation (the 10k\nnumber comes from day 0), perhaps up to 6.x series makes sense.\n\n[0] Commit 15fffc6a5624 (\"driver core: Fix uevent_show() vs driver detach race\")\n\n[1] A note about that: this syzkaller report presents multiple reproducers\nthat differs by the type of emulated USB device. 
For this specific case,\ncheck the entry from 2024/08/08 06:23 in the list of crashes; the C repro\nis available at https://syzkaller.appspot.com/text?tag=ReproC&x=1521fc83980000.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53190" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f50d6f6f-8a20-4cc0-a4f8-899fb80dbb49.json b/objects/vulnerability/vulnerability--f50d6f6f-8a20-4cc0-a4f8-899fb80dbb49.json new file mode 100644 index 00000000000..83109e17e8a --- /dev/null +++ b/objects/vulnerability/vulnerability--f50d6f6f-8a20-4cc0-a4f8-899fb80dbb49.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e17b8aa-2456-4df9-a98e-84fbbe66b052", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f50d6f6f-8a20-4cc0-a4f8-899fb80dbb49", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.375195Z", + "modified": "2024-12-30T00:22:03.375195Z", + "name": "CVE-2024-56639", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: must allocate more bytes for RedBox support\n\nBlamed commit forgot to change hsr_init_skb() to allocate\nlarger skb for RedBox case.\n\nIndeed, send_hsr_supervision_frame() will add\ntwo additional components (struct hsr_sup_tlv\nand struct hsr_sup_payload)\n\nsyzbot reported the following crash:\nskbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0\n------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206\nCode: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c\nRSP: 0018:ffffc90000858ab8 EFLAGS: 00010282\nRAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69\nRDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005\nRBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a\nR13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140\nFS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 
0000 CR0: 0000000080050033\nCR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n skb_over_panic net/core/skbuff.c:211 [inline]\n skb_put+0x174/0x1b0 net/core/skbuff.c:2617\n send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342\n hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436\n call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794\n expire_timers kernel/time/timer.c:1845 [inline]\n __run_timers+0x6e8/0x930 kernel/time/timer.c:2419\n __run_timer_base kernel/time/timer.c:2430 [inline]\n __run_timer_base kernel/time/timer.c:2423 [inline]\n run_timer_base+0x111/0x190 kernel/time/timer.c:2439\n run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449\n handle_softirqs+0x213/0x8f0 kernel/softirq.c:554\n __do_softirq kernel/softirq.c:588 [inline]\n invoke_softirq kernel/softirq.c:428 [inline]\n __irq_exit_rcu kernel/softirq.c:637 [inline]\n irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]\n sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049\n ", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f58741b9-bed7-4a73-adfd-61bc440d3a27.json b/objects/vulnerability/vulnerability--f58741b9-bed7-4a73-adfd-61bc440d3a27.json new file mode 100644 index 00000000000..1480de24f23 --- /dev/null +++ b/objects/vulnerability/vulnerability--f58741b9-bed7-4a73-adfd-61bc440d3a27.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72859305-7320-43c6-9deb-fbd06a8407b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f58741b9-bed7-4a73-adfd-61bc440d3a27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.477247Z", + "modified": "2024-12-30T00:22:03.477247Z", + "name": "CVE-2024-56578", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56578" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb66e757-35ef-40ea-9a0a-576b292b69d9.json b/objects/vulnerability/vulnerability--fb66e757-35ef-40ea-9a0a-576b292b69d9.json new file mode 100644 index 00000000000..79d94ffca0f --- /dev/null +++ b/objects/vulnerability/vulnerability--fb66e757-35ef-40ea-9a0a-576b292b69d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1826ee9-627a-40ba-88aa-e0d6252e3449", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb66e757-35ef-40ea-9a0a-576b292b69d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.401308Z", + "modified": "2024-12-30T00:22:03.401308Z", + "name": "CVE-2024-56595", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: add a check to prevent array-index-out-of-bounds in dbAdjTree\n\nWhen the value of lp is 0 at the beginning of the for loop, it will\nbecome negative in the next assignment and we should bail out.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb9cfb86-7d7c-436c-82cb-cbbd9c23f92a.json b/objects/vulnerability/vulnerability--fb9cfb86-7d7c-436c-82cb-cbbd9c23f92a.json new file mode 100644 index 00000000000..82e118c8a69 --- /dev/null +++ b/objects/vulnerability/vulnerability--fb9cfb86-7d7c-436c-82cb-cbbd9c23f92a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ba7e6fc-61c8-445a-bc1c-0ef28f438c57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb9cfb86-7d7c-436c-82cb-cbbd9c23f92a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.436322Z", + "modified": "2024-12-30T00:22:03.436322Z", + "name": "CVE-2024-56674", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: correct netdev_tx_reset_queue() invocation point\n\nWhen virtnet_close is followed by virtnet_open, some TX completions can\npossibly remain unconsumed, until they are finally processed during the\nfirst NAPI poll after the netdev_tx_reset_queue(), resulting in a crash\n[1]. Commit b96ed2c97c79 (\"virtio_net: move netdev_tx_reset_queue() call\nbefore RX napi enable\") was not sufficient to eliminate all BQL crash\ncases for virtio-net.\n\nThis issue can be reproduced with the latest net-next master by running:\n`while :; do ip l set DEV down; ip l set DEV up; done` under heavy network\nTX load from inside the machine.\n\nnetdev_tx_reset_queue() can actually be dropped from virtnet_open path;\nthe device is not stopped in any case. For BQL core part, it's just like\ntraffic nearly ceases to exist for some period. For stall detector added\nto BQL, even if virtnet_close could somehow lead to some TX completions\ndelayed for long, followed by virtnet_open, we can just take it as stall\nas mentioned in commit 6025b9135f7a (\"net: dqs: add NIC stall detector\nbased on BQL\"). Note also that users can still reset stall_max via sysfs.\n\nSo, drop netdev_tx_reset_queue() from virtnet_enable_queue_pair(). This\neliminates the BQL crashes. As a result, netdev_tx_reset_queue() is now\nexplicitly required in freeze/restore path. 
This patch adds it to\nimmediately after free_unused_bufs(), following the rule of thumb:\nnetdev_tx_reset_queue() should follow any SKB freeing not followed by\nnetdev_tx_completed_queue(). This seems the most consistent and\nstreamlined approach, and now netdev_tx_reset_queue() runs whenever\nfree_unused_bufs() is done.\n\n[1]:\n------------[ cut here ]------------\nkernel BUG at lib/dynamic_queue_limits.c:99!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 7 UID: 0 PID: 1598 Comm: ip Tainted: G N 6.12.0net-next_main+ #2\nTainted: [N]=TEST\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), \\\nBIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:dql_completed+0x26b/0x290\nCode: b7 c2 49 89 e9 44 89 da 89 c6 4c 89 d7 e8 ed 17 47 00 58 65 ff 0d\n4d 27 90 7e 0f 85 fd fe ff ff e8 ea 53 8d ff e9 f3 fe ff ff <0f> 0b 01\nd2 44 89 d1 29 d1 ba 00 00 00 00 0f 48 ca e9 28 ff ff ff\nRSP: 0018:ffffc900002b0d08 EFLAGS: 00010297\nRAX: 0000000000000000 RBX: ffff888102398c80 RCX: 0000000080190009\nRDX: 0000000000000000 RSI: 000000000000006a RDI: 0000000000000000\nRBP: ffff888102398c00 R08: 0000000000000000 R09: 0000000000000000\nR10: 00000000000000ca R11: 0000000000015681 R12: 0000000000000001\nR13: ffffc900002b0d68 R14: ffff88811115e000 R15: ffff8881107aca40\nFS: 00007f41ded69500(0000) GS:ffff888667dc0000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556ccc2dc1a0 CR3: 0000000104fd8003 CR4: 0000000000772ef0\nPKRU: 55555554\nCall Trace:\n \n ? die+0x32/0x80\n ? do_trap+0xd9/0x100\n ? dql_completed+0x26b/0x290\n ? dql_completed+0x26b/0x290\n ? do_error_trap+0x6d/0xb0\n ? dql_completed+0x26b/0x290\n ? exc_invalid_op+0x4c/0x60\n ? dql_completed+0x26b/0x290\n ? asm_exc_invalid_op+0x16/0x20\n ? dql_completed+0x26b/0x290\n __free_old_xmit+0xff/0x170 [virtio_net]\n free_old_xmit+0x54/0xc0 [virtio_net]\n virtnet_poll+0xf4/0xe30 [virtio_net]\n ? __update_load_avg_cfs_rq+0x264/0x2d0\n ? update_curr+0x35/0x260\n ? 
reweight_entity+0x1be/0x260\n __napi_poll.constprop.0+0x28/0x1c0\n net_rx_action+0x329/0x420\n ? enqueue_hrtimer+0x35/0x90\n ? trace_hardirqs_on+0x1d/0x80\n ? kvm_sched_clock_read+0xd/0x20\n ? sched_clock+0xc/0x30\n ? kvm_sched_clock_read+0xd/0x20\n ? sched_clock+0xc/0x30\n ? sched_clock_cpu+0xd/0x1a0\n handle_softirqs+0x138/0x3e0\n do_softirq.part.0+0x89/0xc0\n \n \n __local_bh_enable_ip+0xa7/0xb0\n virtnet_open+0xc8/0x310 [virtio_net]\n __dev_open+0xfa/0x1b0\n __dev_change_flags+0x1de/0x250\n dev_change_flags+0x22/0x60\n do_setlink.isra.0+0x2df/0x10b0\n ? rtnetlink_rcv_msg+0x34f/0x3f0\n ? netlink_rcv_skb+0x54/0x100\n ? netlink_unicas\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56674" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fbcad66d-d06b-4944-bbb3-79a1463adb81.json b/objects/vulnerability/vulnerability--fbcad66d-d06b-4944-bbb3-79a1463adb81.json new file mode 100644 index 00000000000..8e1dffa8fe8 --- /dev/null +++ b/objects/vulnerability/vulnerability--fbcad66d-d06b-4944-bbb3-79a1463adb81.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--558b246d-f7af-4795-a2cb-3e19fae2f39c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fbcad66d-d06b-4944-bbb3-79a1463adb81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.433009Z", + "modified": "2024-12-30T00:22:03.433009Z", + "name": "CVE-2024-56715", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nionic: Fix netdev notifier unregister on failure\n\nIf register_netdev() fails, then the driver leaks the netdev notifier.\nFix this by calling ionic_lif_unregister() on register_netdev()\nfailure. This will also call ionic_lif_unregister_phc() if it has\nalready been registered.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56715" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fcbd43c1-590e-40a3-9532-10db3accf723.json b/objects/vulnerability/vulnerability--fcbd43c1-590e-40a3-9532-10db3accf723.json new file mode 100644 index 00000000000..602f8136bae --- /dev/null +++ b/objects/vulnerability/vulnerability--fcbd43c1-590e-40a3-9532-10db3accf723.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f83ad8c-49f1-48ff-8168-512a70f4f616", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fcbd43c1-590e-40a3-9532-10db3accf723", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.452876Z", + "modified": "2024-12-30T00:22:03.452876Z", + "name": "CVE-2024-56542", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix a memleak issue when driver is removed\n\nRunning \"modprobe amdgpu\" the second time (followed by a modprobe -r\namdgpu) causes a call trace like:\n\n[ 845.212163] Memory manager not clean during takedown.\n[ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40\n[ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_suballoc_helper drm_display_helper i2c_algo_bit amdttm(OE) amdkcl(OE) cec rc_core sunrpc qrtr intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_usb_audio snd_hda_codec snd_usbmidi_lib kvm_amd snd_hda_core snd_ump mc snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass crct10dif_pclmul snd_rawmidi polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 snd_seq aesni_intel crypto_simd snd_seq_device cryptd snd_timer mfd_aaeon asus_nb_wmi eeepc_wmi joydev asus_wmi snd ledtrig_audio sparse_keymap ccp wmi_bmof input_leds k10temp i2c_piix4 platform_profile rapl soundcore gpio_amdpt mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid ahci xhci_pci igc crc32_pclmul libahci xhci_pci_renesas video\n[ 845.212284] wmi [last unloaded: amddrm_ttm_helper(OE)]\n[ 845.212290] CPU: 4 PID: 2481 Comm: modprobe Tainted: G W OE 
6.8.0-31-generic #31-Ubuntu\n[ 845.212296] RIP: 0010:drm_mm_takedown+0x2b/0x40\n[ 845.212300] Code: 1f 44 00 00 48 8b 47 38 48 83 c7 38 48 39 f8 75 09 31 c0 31 ff e9 90 2e 86 00 55 48 c7 c7 d0 f6 8e 8a 48 89 e5 e8 f5 db 45 ff <0f> 0b 5d 31 c0 31 ff e9 74 2e 86 00 66 0f 1f 84 00 00 00 00 00 90\n[ 845.212302] RSP: 0018:ffffb11302127ae0 EFLAGS: 00010246\n[ 845.212305] RAX: 0000000000000000 RBX: ffff92aa5020fc08 RCX: 0000000000000000\n[ 845.212307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 845.212309] RBP: ffffb11302127ae0 R08: 0000000000000000 R09: 0000000000000000\n[ 845.212310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004\n[ 845.212312] R13: ffff92aa50200000 R14: ffff92aa5020fb10 R15: ffff92aa5020faa0\n[ 845.212313] FS: 0000707dd7c7c080(0000) GS:ffff92b93de00000(0000) knlGS:0000000000000000\n[ 845.212316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 845.212318] CR2: 00007d48b0aee200 CR3: 0000000115a58000 CR4: 0000000000f50ef0\n[ 845.212320] PKRU: 55555554\n[ 845.212321] Call Trace:\n[ 845.212323] \n[ 845.212328] ? show_regs+0x6d/0x80\n[ 845.212333] ? __warn+0x89/0x160\n[ 845.212339] ? drm_mm_takedown+0x2b/0x40\n[ 845.212344] ? report_bug+0x17e/0x1b0\n[ 845.212350] ? handle_bug+0x51/0xa0\n[ 845.212355] ? exc_invalid_op+0x18/0x80\n[ 845.212359] ? asm_exc_invalid_op+0x1b/0x20\n[ 845.212366] ? 
drm_mm_takedown+0x2b/0x40\n[ 845.212371] amdgpu_gtt_mgr_fini+0xa9/0x130 [amdgpu]\n[ 845.212645] amdgpu_ttm_fini+0x264/0x340 [amdgpu]\n[ 845.212770] amdgpu_bo_fini+0x2e/0xc0 [amdgpu]\n[ 845.212894] gmc_v12_0_sw_fini+0x2a/0x40 [amdgpu]\n[ 845.213036] amdgpu_device_fini_sw+0x11a/0x590 [amdgpu]\n[ 845.213159] amdgpu_driver_release_kms+0x16/0x40 [amdgpu]\n[ 845.213302] devm_drm_dev_init_release+0x5e/0x90\n[ 845.213305] devm_action_release+0x12/0x30\n[ 845.213308] release_nodes+0x42/0xd0\n[ 845.213311] devres_release_all+0x97/0xe0\n[ 845.213314] device_unbind_cleanup+0x12/0x80\n[ 845.213317] device_release_driver_internal+0x230/0x270\n[ 845.213319] ? srso_alias_return_thunk+0x5/0xfbef5\n\nThis is caused by lost memory during early init phase. First time driver\nis removed, memory is freed but when second time the driver is inserted,\nVBIOS dmub is not active, since the PSP policy is to retain the driver\nloaded version on subsequent warm boots. Hence, communication with VBIOS\nDMUB fails.\n\nFix this by aborting further comm\n---truncated---", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd4ec900-0bc4-4a94-b427-fd2206b002e9.json b/objects/vulnerability/vulnerability--fd4ec900-0bc4-4a94-b427-fd2206b002e9.json new file mode 100644 index 00000000000..55f4256649e --- /dev/null +++ b/objects/vulnerability/vulnerability--fd4ec900-0bc4-4a94-b427-fd2206b002e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51d57e92-c7e3-4c71-a69b-3da2919d5b48", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd4ec900-0bc4-4a94-b427-fd2206b002e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.472287Z", + "modified": "2024-12-30T00:22:03.472287Z", + "name": "CVE-2024-56579", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: Set video drvdata before register video device\n\nThe video drvdata should be set before the video device is registered,\notherwise video_drvdata() may return NULL in the open() file ops, and led\nto oops.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56579" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdb29723-0a5c-4e1d-a365-655583036cbd.json b/objects/vulnerability/vulnerability--fdb29723-0a5c-4e1d-a365-655583036cbd.json new file mode 100644 index 00000000000..463045d07ab --- /dev/null +++ b/objects/vulnerability/vulnerability--fdb29723-0a5c-4e1d-a365-655583036cbd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--470440e4-dfdb-4a42-9fd6-26952f01df5d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdb29723-0a5c-4e1d-a365-655583036cbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:02.395199Z", + "modified": "2024-12-30T00:22:02.395199Z", + "name": "CVE-2024-53225", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/tegra241-cmdqv: Fix alignment failure at max_n_shift\n\nWhen configuring a kernel with PAGE_SIZE=4KB, depending on its setting of\nCONFIG_CMA_ALIGNMENT, VCMDQ_LOG2SIZE_MAX=19 could fail the alignment test\nand trigger a WARN_ON:\n WARNING: at drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3646\n Call trace:\n arm_smmu_init_one_queue+0x15c/0x210\n tegra241_cmdqv_init_structures+0x114/0x338\n arm_smmu_device_probe+0xb48/0x1d90\n\nFix it by capping max_n_shift to CMDQ_MAX_SZ_SHIFT as SMMUv3 CMDQ does.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53225" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fddbdd18-590c-436e-be56-8812e1ec2e07.json b/objects/vulnerability/vulnerability--fddbdd18-590c-436e-be56-8812e1ec2e07.json new file mode 100644 index 00000000000..e702812bc64 --- /dev/null +++ b/objects/vulnerability/vulnerability--fddbdd18-590c-436e-be56-8812e1ec2e07.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1682c323-e877-4d04-b0da-d01ef1ff2488", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fddbdd18-590c-436e-be56-8812e1ec2e07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.601093Z", + "modified": "2024-12-30T00:22:03.601093Z", + "name": "CVE-2024-56539", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()\n\nReplace one-element array with a flexible-array member in `struct\nmwifiex_ie_types_wildcard_ssid_params` to fix the following warning\non a MT8173 Chromebook (mt8173-elm-hana):\n\n[ 356.775250] ------------[ cut here ]------------\n[ 356.784543] memcpy: detected field-spanning write (size 6) of single field \"wildcard_ssid_tlv->ssid\" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1)\n[ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex]\n\nThe \"(size 6)\" above is exactly the length of the SSID of the network\nthis device was connected to. The source of the warning looks like:\n\n ssid_len = user_scan_in->ssid_list[i].ssid_len;\n [...]\n memcpy(wildcard_ssid_tlv->ssid,\n user_scan_in->ssid_list[i].ssid, ssid_len);\n\nThere is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this\nstruct, but it already didn't account for the size of the one-element\narray, so it doesn't need to be changed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdf357b7-8ed7-47d3-a83c-a70c1a2c965d.json b/objects/vulnerability/vulnerability--fdf357b7-8ed7-47d3-a83c-a70c1a2c965d.json new file mode 100644 index 00000000000..ab098cf52e6 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--fdf357b7-8ed7-47d3-a83c-a70c1a2c965d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f65d3ce-d210-452c-b93f-fb146848ca29", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdf357b7-8ed7-47d3-a83c-a70c1a2c965d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.424899Z", + "modified": "2024-12-30T00:22:03.424899Z", + "name": "CVE-2024-56628", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Add architecture specific huge_pte_clear()\n\nWhen executing mm selftests run_vmtests.sh, there is such an error:\n\n BUG: Bad page state in process uffd-unit-tests pfn:00000\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0\n flags: 0xffff0000002000(reserved|node=0|zone=0|lastcpupid=0xffff)\n raw: 00ffff0000002000 ffffbf0000000008 ffffbf0000000008 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set\n Modules linked in: snd_seq_dummy snd_seq snd_seq_device rfkill vfat fat\n virtio_balloon efi_pstore virtio_net pstore net_failover failover fuse\n nfnetlink virtio_scsi virtio_gpu virtio_dma_buf dm_multipath efivarfs\n CPU: 2 UID: 0 PID: 1913 Comm: uffd-unit-tests Not tainted 6.12.0 #184\n Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n Stack : 900000047c8ac000 0000000000000000 9000000000223a7c 900000047c8ac000\n 900000047c8af690 900000047c8af698 0000000000000000 900000047c8af7d8\n 900000047c8af7d0 900000047c8af7d0 900000047c8af5b0 0000000000000001\n 0000000000000001 900000047c8af698 10b3c7d53da40d26 0000010000000000\n 0000000000000022 0000000fffffffff fffffffffe000000 ffff800000000000\n 000000000000002f 0000800000000000 000000017a6d4000 90000000028f8940\n 0000000000000000 0000000000000000 90000000025aa5e0 9000000002905000\n 0000000000000000 90000000028f8940 ffff800000000000 0000000000000000\n 0000000000000000 
0000000000000000 9000000000223a94 000000012001839c\n 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d\n ...\n Call Trace:\n [<9000000000223a94>] show_stack+0x5c/0x180\n [<9000000001c3fd64>] dump_stack_lvl+0x6c/0xa0\n [<900000000056aa08>] bad_page+0x1a0/0x1f0\n [<9000000000574978>] free_unref_folios+0xbf0/0xd20\n [<90000000004e65cc>] folios_put_refs+0x1a4/0x2b8\n [<9000000000599a0c>] free_pages_and_swap_cache+0x164/0x260\n [<9000000000547698>] tlb_batch_pages_flush+0xa8/0x1c0\n [<9000000000547f30>] tlb_finish_mmu+0xa8/0x218\n [<9000000000543cb8>] exit_mmap+0x1a0/0x360\n [<9000000000247658>] __mmput+0x78/0x200\n [<900000000025583c>] do_exit+0x43c/0xde8\n [<9000000000256490>] do_group_exit+0x68/0x110\n [<9000000000256554>] sys_exit_group+0x1c/0x20\n [<9000000001c413b4>] do_syscall+0x94/0x130\n [<90000000002216d8>] handle_syscall+0xb8/0x158\n Disabling lock debugging due to kernel taint\n BUG: non-zero pgtables_bytes on freeing mm: -16384\n\nOn LoongArch system, invalid huge pte entry should be invalid_pte_table\nor a single _PAGE_HUGE bit rather than a zero value. And it should be\nthe same with invalid pmd entry, since pmd_none() is called by function\nfree_pgd_range() and pmd_none() return 0 by huge_pte_clear(). So single\n_PAGE_HUGE bit is also treated as a valid pte table and free_pte_range()\nwill be called in free_pmd_range().\n\n free_pmd_range()\n pmd = pmd_offset(pud, addr);\n do {\n next = pmd_addr_end(addr, end);\n if (pmd_none_or_clear_bad(pmd))\n continue;\n free_pte_range(tlb, pmd, addr);\n } while (pmd++, addr = next, addr != end);\n\nHere invalid_pte_table is used for both invalid huge pte entry and\npmd entry.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56628" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--fecb65d9-444d-483f-9f20-75846fecd153.json b/objects/vulnerability/vulnerability--fecb65d9-444d-483f-9f20-75846fecd153.json new file mode 100644 index 00000000000..e938501ff6d --- /dev/null +++ b/objects/vulnerability/vulnerability--fecb65d9-444d-483f-9f20-75846fecd153.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bacb17cf-2217-471f-8f61-6b154bc1bf81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fecb65d9-444d-483f-9f20-75846fecd153", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.425904Z", + "modified": "2024-12-30T00:22:03.425904Z", + "name": "CVE-2024-56712", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix memory leak on last export_udmabuf() error path\n\nIn export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a\ndma_buf owning the udmabuf has already been created; but the error handling\nin udmabuf_create() will tear down the udmabuf without doing anything about\nthe containing dma_buf.\n\nThis leaves a dma_buf in memory that contains a dangling pointer; though\nthat doesn't seem to lead to anything bad except a memory leak.\n\nFix it by moving the dma_buf_fd() call out of export_udmabuf() so that we\ncan give it different error handling.\n\nNote that the shape of this code changed a lot in commit 5e72b2b41a21\n(\"udmabuf: convert udmabuf driver to use folios\"); but the memory leak\nseems to have existed since the introduction of udmabuf.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56712" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff3c1298-df21-490d-bae2-353a8a65201a.json b/objects/vulnerability/vulnerability--ff3c1298-df21-490d-bae2-353a8a65201a.json new file mode 100644 index 00000000000..5132083fe58 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--ff3c1298-df21-490d-bae2-353a8a65201a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab7aa0f1-6d4a-405b-9e16-f96b16a64e40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff3c1298-df21-490d-bae2-353a8a65201a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2024-12-30T00:22:03.372009Z", + "modified": "2024-12-30T00:22:03.372009Z", + "name": "CVE-2024-56684", + "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()\n\nIt should be size of the struct clk_bulk_data, not data pointer pass to\ndevm_kcalloc().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56684" + } + ] + } + ] +} \ No newline at end of file