From 2768dbce67293235296a77ac290b5ab0a64ad515 Mon Sep 17 00:00:00 2001 
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 21:32:07 +0000 Subject: [PATCH] Advisory Database Sync --- .../GHSA-2hh5-254v-jpf4.json | 15 +++-- .../GHSA-2m8j-fx85-xvhm.json | 15 +++-- .../GHSA-2pp7-rwqg-2gcx.json | 15 +++-- .../GHSA-2r6r-v6fp-6x6r.json | 15 +++-- .../GHSA-44v6-xcjw-whc3.json | 15 +++-- .../GHSA-4g8g-hf76-7rpm.json | 15 +++-- .../GHSA-4mc8-63f2-q4p2.json | 15 +++-- .../GHSA-5x62-xmmp-3f69.json | 15 +++-- .../GHSA-6h98-v544-xj7q.json | 15 +++-- .../GHSA-6pvp-xcj5-pgh8.json | 15 +++-- .../GHSA-747f-wh5x-mp2p.json | 15 +++-- .../GHSA-7h7v-xpwq-j3w4.json | 15 +++-- .../GHSA-7r2w-9mrv-hfqg.json | 15 +++-- .../GHSA-ch44-784c-7wgq.json | 15 +++-- .../GHSA-f8m5-x3mv-32wr.json | 15 +++-- .../GHSA-g3v4-6rhh-7539.json | 15 +++-- .../GHSA-gg86-5h5f-jrwx.json | 15 +++-- .../GHSA-gx2j-3fvm-rqj3.json | 15 +++-- .../GHSA-hpp4-8vc7-9fh4.json | 15 +++-- .../GHSA-hw85-hfvh-5cgr.json | 11 +++- .../GHSA-hw8p-x386-rr5f.json | 15 +++-- .../GHSA-jqwg-pjjq-gqv5.json | 15 +++-- .../GHSA-pcr5-v468-562j.json | 15 +++-- .../GHSA-pmmh-7pm7-hc62.json | 15 +++-- .../GHSA-prq2-qj2r-jcgv.json | 15 +++-- .../GHSA-q44p-8h6w-57m6.json | 15 +++-- .../GHSA-qh4w-v3w8-h422.json | 15 +++-- .../GHSA-qj4q-cgq8-w2m4.json | 15 +++-- .../GHSA-r2r3-fm28-9g3h.json | 15 +++-- .../GHSA-wr5g-85mp-25c9.json | 15 +++-- .../GHSA-x5xr-8rhw-qpr4.json | 15 +++-- .../GHSA-xm9j-x4hp-v2x3.json | 15 +++-- .../GHSA-xwxp-fcpw-w82j.json | 15 +++-- .../GHSA-3g8x-wqfp-q876.json | 23 ++++++-- .../GHSA-2r3p-qwrg-gqxg.json | 40 +++++++++++++ .../GHSA-42jc-g99g-2vp7.json | 36 ++++++++++++ .../GHSA-43c2-phgp-56f4.json | 6 +- .../GHSA-4545-q8rv-g7f9.json | 36 ++++++++++++ .../GHSA-4h74-vc8c-xw9c.json | 36 ++++++++++++ .../GHSA-4xwp-g9pw-p63q.json | 56 +++++++++++++++++++ .../GHSA-63m5-77xw-xrr4.json | 40 +++++++++++++ .../GHSA-75vw-c383-9fj8.json | 36 ++++++++++++ .../GHSA-866w-76w7-m942.json | 36 ++++++++++++ .../GHSA-9qcv-f3w6-jhh5.json | 36 
++++++++++++ .../GHSA-9v5h-r53g-893v.json | 40 +++++++++++++ .../GHSA-h4xj-2f5c-36j7.json | 36 ++++++++++++ .../GHSA-mm9p-gqvv-gr69.json | 36 ++++++++++++ .../GHSA-pc87-q35p-2r45.json | 6 +- .../GHSA-pffh-vp29-72w3.json | 36 ++++++++++++ .../GHSA-rfx4-8cp9-vwwx.json | 40 +++++++++++++ .../GHSA-xpwc-vww2-w3pr.json | 40 +++++++++++++ 51 files changed, 969 insertions(+), 137 deletions(-) create mode 100644 advisories/unreviewed/2024/12/GHSA-2r3p-qwrg-gqxg/GHSA-2r3p-qwrg-gqxg.json create mode 100644 advisories/unreviewed/2024/12/GHSA-42jc-g99g-2vp7/GHSA-42jc-g99g-2vp7.json create mode 100644 advisories/unreviewed/2024/12/GHSA-4545-q8rv-g7f9/GHSA-4545-q8rv-g7f9.json create mode 100644 advisories/unreviewed/2024/12/GHSA-4h74-vc8c-xw9c/GHSA-4h74-vc8c-xw9c.json create mode 100644 advisories/unreviewed/2024/12/GHSA-4xwp-g9pw-p63q/GHSA-4xwp-g9pw-p63q.json create mode 100644 advisories/unreviewed/2024/12/GHSA-63m5-77xw-xrr4/GHSA-63m5-77xw-xrr4.json create mode 100644 advisories/unreviewed/2024/12/GHSA-75vw-c383-9fj8/GHSA-75vw-c383-9fj8.json create mode 100644 advisories/unreviewed/2024/12/GHSA-866w-76w7-m942/GHSA-866w-76w7-m942.json create mode 100644 advisories/unreviewed/2024/12/GHSA-9qcv-f3w6-jhh5/GHSA-9qcv-f3w6-jhh5.json create mode 100644 advisories/unreviewed/2024/12/GHSA-9v5h-r53g-893v/GHSA-9v5h-r53g-893v.json create mode 100644 advisories/unreviewed/2024/12/GHSA-h4xj-2f5c-36j7/GHSA-h4xj-2f5c-36j7.json create mode 100644 advisories/unreviewed/2024/12/GHSA-mm9p-gqvv-gr69/GHSA-mm9p-gqvv-gr69.json create mode 100644 advisories/unreviewed/2024/12/GHSA-pffh-vp29-72w3/GHSA-pffh-vp29-72w3.json create mode 100644 advisories/unreviewed/2024/12/GHSA-rfx4-8cp9-vwwx/GHSA-rfx4-8cp9-vwwx.json create mode 100644 advisories/unreviewed/2024/12/GHSA-xpwc-vww2-w3pr/GHSA-xpwc-vww2-w3pr.json 
diff --git a/advisories/unreviewed/2024/05/GHSA-2hh5-254v-jpf4/GHSA-2hh5-254v-jpf4.json b/advisories/unreviewed/2024/05/GHSA-2hh5-254v-jpf4/GHSA-2hh5-254v-jpf4.json
index 7e4fff9226dc1..c20de6c3636aa 100644
--- a/advisories/unreviewed/2024/05/GHSA-2hh5-254v-jpf4/GHSA-2hh5-254v-jpf4.json
+++ b/advisories/unreviewed/2024/05/GHSA-2hh5-254v-jpf4/GHSA-2hh5-254v-jpf4.json
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-2hh5-254v-jpf4", - "modified": "2024-05-21T15:31:40Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:40Z", "aliases": [ "CVE-2021-47247" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix use-after-free of encap entry in neigh update handler\n\nFunction mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock\nremoval from TC filter update path and properly handle concurrent encap\nentry insertion/deletion which can lead to following use-after-free:\n\n [23827.464923] ==================================================================\n [23827.469446] BUG: KASAN: use-after-free in mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.470971] Read of size 4 at addr ffff8881d132228c by task kworker/u20:6/21635\n [23827.472251]\n [23827.472615] CPU: 9 PID: 21635 Comm: kworker/u20:6 Not tainted 5.13.0-rc3+ #5\n [23827.473788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n [23827.475639] Workqueue: mlx5e mlx5e_rep_neigh_update [mlx5_core]\n [23827.476731] Call Trace:\n [23827.477260] dump_stack+0xbb/0x107\n [23827.477906] print_address_description.constprop.0+0x18/0x140\n [23827.478896] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.479879] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.480905] kasan_report.cold+0x7c/0xd8\n [23827.481701] ? mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.482744] kasan_check_range+0x145/0x1a0\n [23827.493112] mlx5e_encap_take+0x72/0x140 [mlx5_core]\n [23827.494054] ? mlx5e_tc_tun_encap_info_equal_generic+0x140/0x140 [mlx5_core]\n [23827.495296] mlx5e_rep_neigh_update+0x41e/0x5e0 [mlx5_core]\n [23827.496338] ? mlx5e_rep_neigh_entry_release+0xb80/0xb80 [mlx5_core]\n [23827.497486] ? read_word_at_a_time+0xe/0x20\n [23827.498250] ? strscpy+0xa0/0x2a0\n [23827.498889] process_one_work+0x8ac/0x14e0\n [23827.499638] ? 
lockdep_hardirqs_on_prepare+0x400/0x400\n [23827.500537] ? pwq_dec_nr_in_flight+0x2c0/0x2c0\n [23827.501359] ? rwlock_bug.part.0+0x90/0x90\n [23827.502116] worker_thread+0x53b/0x1220\n [23827.502831] ? process_one_work+0x14e0/0x14e0\n [23827.503627] kthread+0x328/0x3f0\n [23827.504254] ? _raw_spin_unlock_irq+0x24/0x40\n [23827.505065] ? __kthread_bind_mask+0x90/0x90\n [23827.505912] ret_from_fork+0x1f/0x30\n [23827.506621]\n [23827.506987] Allocated by task 28248:\n [23827.507694] kasan_save_stack+0x1b/0x40\n [23827.508476] __kasan_kmalloc+0x7c/0x90\n [23827.509197] mlx5e_attach_encap+0xde1/0x1d40 [mlx5_core]\n [23827.510194] mlx5e_tc_add_fdb_flow+0x397/0xc40 [mlx5_core]\n [23827.511218] __mlx5e_add_fdb_flow+0x519/0xb30 [mlx5_core]\n [23827.512234] mlx5e_configure_flower+0x191c/0x4870 [mlx5_core]\n [23827.513298] tc_setup_cb_add+0x1d5/0x420\n [23827.514023] fl_hw_replace_filter+0x382/0x6a0 [cls_flower]\n [23827.514975] fl_change+0x2ceb/0x4a51 [cls_flower]\n [23827.515821] tc_new_tfilter+0x89a/0x2070\n [23827.516548] rtnetlink_rcv_msg+0x644/0x8c0\n [23827.517300] netlink_rcv_skb+0x11d/0x340\n [23827.518021] netlink_unicast+0x42b/0x700\n [23827.518742] netlink_sendmsg+0x743/0xc20\n [23827.519467] sock_sendmsg+0xb2/0xe0\n [23827.520131] ____sys_sendmsg+0x590/0x770\n [23827.520851] ___sys_sendmsg+0xd8/0x160\n [23827.521552] __sys_sendmsg+0xb7/0x140\n [23827.522238] do_syscall_64+0x3a/0x70\n [23827.522907] entry_SYSCALL_64_after_hwframe+0x44/0xae\n [23827.523797]\n [23827.524163] Freed by task 25948:\n [23827.524780] kasan_save_stack+0x1b/0x40\n [23827.525488] kasan_set_track+0x1c/0x30\n [23827.526187] kasan_set_free_info+0x20/0x30\n [23827.526968] __kasan_slab_free+0xed/0x130\n [23827.527709] slab_free_freelist_hook+0xcf/0x1d0\n [23827.528528] kmem_cache_free_bulk+0x33a/0x6e0\n [23827.529317] kfree_rcu_work+0x55f/0xb70\n [23827.530024] process_one_work+0x8ac/0x14e0\n [23827.530770] worker_thread+0x53b/0x1220\n [23827.531480] kthread+0x328/0x3f0\n [23827.532114] 
ret_from_fork+0x1f/0x30\n [23827.532785]\n [23827.533147] Last potentially related work creation:\n [23827.534007] kasan_save_stack+0x1b/0x40\n [23827.534710] kasan_record_aux_stack+0xab/0xc0\n [23827.535492] kvfree_call_rcu+0x31/0x7b0\n [23827.536206] mlx5e_tc_del\n---truncated---", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -24,8 +29,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-21T15:15:13Z" diff --git a/advisories/unreviewed/2024/05/GHSA-2m8j-fx85-xvhm/GHSA-2m8j-fx85-xvhm.json b/advisories/unreviewed/2024/05/GHSA-2m8j-fx85-xvhm/GHSA-2m8j-fx85-xvhm.json index fb0aabf0d97a2..9fdfb386685ed 100644 --- a/advisories/unreviewed/2024/05/GHSA-2m8j-fx85-xvhm/GHSA-2m8j-fx85-xvhm.json +++ b/advisories/unreviewed/2024/05/GHSA-2m8j-fx85-xvhm/GHSA-2m8j-fx85-xvhm.json 
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2m8j-fx85-xvhm",
- "modified": "2024-06-26T00:31:43Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T09:34:47Z",
 "aliases": [
 "CVE-2024-35905"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Protect against int overflow for stack access size\n\nThis patch re-introduces protection against the size of access to stack\nmemory being negative; the access size can appear negative as a result\nof overflowing its signed int representation. This should not actually\nhappen, as there are other protections along the way, but we should\nprotect against it anyway. One code path was missing such protections\n(fixed in the previous patch in the series), causing out-of-bounds array\naccesses in check_stack_range_initialized(). This patch causes the\nverification of a program with such a non-sensical access size to fail.\n\nThis check used to exist in a more indirect way, but was inadvertendly\nremoved in a833a17aeac7.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -44,8 +49,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-129"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T09:15:11Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-2pp7-rwqg-2gcx/GHSA-2pp7-rwqg-2gcx.json b/advisories/unreviewed/2024/05/GHSA-2pp7-rwqg-2gcx/GHSA-2pp7-rwqg-2gcx.json
index db6aec2dbe5e3..b503902f8315a 100644
--- a/advisories/unreviewed/2024/05/GHSA-2pp7-rwqg-2gcx/GHSA-2pp7-rwqg-2gcx.json
+++ b/advisories/unreviewed/2024/05/GHSA-2pp7-rwqg-2gcx/GHSA-2pp7-rwqg-2gcx.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2pp7-rwqg-2gcx",
- "modified": "2024-05-21T15:31:45Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:45Z",
 "aliases": [
 "CVE-2021-47409"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -40,8 +45,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:26Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-2r6r-v6fp-6x6r/GHSA-2r6r-v6fp-6x6r.json b/advisories/unreviewed/2024/05/GHSA-2r6r-v6fp-6x6r/GHSA-2r6r-v6fp-6x6r.json
index 0ab79ecc421be..b54ef3468832a 100644
--- a/advisories/unreviewed/2024/05/GHSA-2r6r-v6fp-6x6r/GHSA-2r6r-v6fp-6x6r.json
+++ b/advisories/unreviewed/2024/05/GHSA-2r6r-v6fp-6x6r/GHSA-2r6r-v6fp-6x6r.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2r6r-v6fp-6x6r",
- "modified": "2024-12-02T09:39:11Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:21Z",
 "aliases": [
 "CVE-2023-52812"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: check num of link levels when update pcie param\n\nIn SR-IOV environment, the value of pcie_table->num_of_link_levels will\nbe 0, and num_of_levels - 1 will cause array index out of bounds",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -32,8 +37,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-129"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:19Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-44v6-xcjw-whc3/GHSA-44v6-xcjw-whc3.json b/advisories/unreviewed/2024/05/GHSA-44v6-xcjw-whc3/GHSA-44v6-xcjw-whc3.json
index 575b762338471..98d74369a5582 100644
--- a/advisories/unreviewed/2024/05/GHSA-44v6-xcjw-whc3/GHSA-44v6-xcjw-whc3.json
+++ b/advisories/unreviewed/2024/05/GHSA-44v6-xcjw-whc3/GHSA-44v6-xcjw-whc3.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-44v6-xcjw-whc3",
- "modified": "2024-05-21T18:31:21Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:21Z",
 "aliases": [
 "CVE-2023-52818"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7\n\nFor pptable structs that use flexible array sizes, use flexible arrays.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -52,8 +57,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-129"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:19Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-4g8g-hf76-7rpm/GHSA-4g8g-hf76-7rpm.json b/advisories/unreviewed/2024/05/GHSA-4g8g-hf76-7rpm/GHSA-4g8g-hf76-7rpm.json
index bc581e5154bf8..2dc53869c3dc9 100644
--- a/advisories/unreviewed/2024/05/GHSA-4g8g-hf76-7rpm/GHSA-4g8g-hf76-7rpm.json
+++ b/advisories/unreviewed/2024/05/GHSA-4g8g-hf76-7rpm/GHSA-4g8g-hf76-7rpm.json
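Review bot: The `C:H/I:H/A:H` vector and `"severity": "HIGH"` added for GHSA-44v6-xcjw-whc3 are not backed by its `details` text, which only says that pptable structs with flexible array sizes were switched to flexible arrays after a UBSAN array-index-out-of-bounds report and states no confidentiality or integrity impact. The record still carries `"affected": []` and `"github_reviewed": false`, so the rating presumably comes from the upstream CVE feed rather than from a review here. It is worth confirming the vector and `CWE-129` against that source before any tooling gates on `database_specific.severity`. The same shape (a new rating alongside an empty `affected` list) recurs in the other unreviewed GHSA files touched by this patch.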
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4g8g-hf76-7rpm",
- "modified": "2024-05-21T18:31:22Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:22Z",
 "aliases": [
 "CVE-2023-52852"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to avoid use-after-free on dic\n\nCall trace:\n __memcpy+0x128/0x250\n f2fs_read_multi_pages+0x940/0xf7c\n f2fs_mpage_readpages+0x5a8/0x624\n f2fs_readahead+0x5c/0x110\n page_cache_ra_unbounded+0x1b8/0x590\n do_sync_mmap_readahead+0x1dc/0x2e4\n filemap_fault+0x254/0xa8c\n f2fs_filemap_fault+0x2c/0x104\n __do_fault+0x7c/0x238\n do_handle_mm_fault+0x11bc/0x2d14\n do_mem_abort+0x3a8/0x1004\n el0_da+0x3c/0xa0\n el0t_64_sync_handler+0xc4/0xec\n el0t_64_sync+0x1b4/0x1b8\n\nIn f2fs_read_multi_pages(), once f2fs_decompress_cluster() was called if\nwe hit cached page in compress_inode's cache, dic may be released, it needs\nbreak the loop rather than continuing it, in order to avoid accessing\ninvalid dic pointer.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -36,8 +41,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:22Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-4mc8-63f2-q4p2/GHSA-4mc8-63f2-q4p2.json b/advisories/unreviewed/2024/05/GHSA-4mc8-63f2-q4p2/GHSA-4mc8-63f2-q4p2.json
index b47a83cd67707..bbc2a3e16938e 100644
--- a/advisories/unreviewed/2024/05/GHSA-4mc8-63f2-q4p2/GHSA-4mc8-63f2-q4p2.json
+++ b/advisories/unreviewed/2024/05/GHSA-4mc8-63f2-q4p2/GHSA-4mc8-63f2-q4p2.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-4mc8-63f2-q4p2",
- "modified": "2024-05-21T18:31:22Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:22Z",
 "aliases": [
 "CVE-2023-52826"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel/panel-tpo-tpg110: fix a possible null pointer dereference\n\nIn tpg110_get_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate(). Add a check to avoid npd.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -40,8 +45,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:20Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-5x62-xmmp-3f69/GHSA-5x62-xmmp-3f69.json b/advisories/unreviewed/2024/05/GHSA-5x62-xmmp-3f69/GHSA-5x62-xmmp-3f69.json
index c9ded5f1ebfae..4eabb5ed9439f 100644
--- a/advisories/unreviewed/2024/05/GHSA-5x62-xmmp-3f69/GHSA-5x62-xmmp-3f69.json
+++ b/advisories/unreviewed/2024/05/GHSA-5x62-xmmp-3f69/GHSA-5x62-xmmp-3f69.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-5x62-xmmp-3f69",
- "modified": "2024-06-27T15:30:39Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T12:30:38Z",
 "aliases": [
 "CVE-2024-35933"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: Fix null ptr deref in btintel_read_version\n\nIf hci_cmd_sync_complete() is triggered and skb is NULL, then\nhdev->req_skb is NULL, which will cause this issue.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -56,8 +61,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T11:15:49Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-6h98-v544-xj7q/GHSA-6h98-v544-xj7q.json b/advisories/unreviewed/2024/05/GHSA-6h98-v544-xj7q/GHSA-6h98-v544-xj7q.json
index 62ff1b6214ef2..e96daeef84219 100644
--- a/advisories/unreviewed/2024/05/GHSA-6h98-v544-xj7q/GHSA-6h98-v544-xj7q.json
+++ b/advisories/unreviewed/2024/05/GHSA-6h98-v544-xj7q/GHSA-6h98-v544-xj7q.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6h98-v544-xj7q",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47240"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: fix OOB Read in qrtr_endpoint_post\n\nSyzbot reported slab-out-of-bounds Read in\nqrtr_endpoint_post. The problem was in wrong\n_size_ type:\n\n\tif (len != ALIGN(size, 4) + hdrlen)\n\t\tgoto err;\n\nIf size from qrtr_hdr is 4294967293 (0xfffffffd), the result of\nALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293\nin header this check won't fail and\n\n\tskb_put_data(skb, data + hdrlen, size);\n\nwill read out of bound from data, which is hdrlen allocated block.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -36,8 +41,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:13Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-6pvp-xcj5-pgh8/GHSA-6pvp-xcj5-pgh8.json b/advisories/unreviewed/2024/05/GHSA-6pvp-xcj5-pgh8/GHSA-6pvp-xcj5-pgh8.json
index c4b3ff9951832..11c2540f2582c 100644
--- a/advisories/unreviewed/2024/05/GHSA-6pvp-xcj5-pgh8/GHSA-6pvp-xcj5-pgh8.json
+++ b/advisories/unreviewed/2024/05/GHSA-6pvp-xcj5-pgh8/GHSA-6pvp-xcj5-pgh8.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-6pvp-xcj5-pgh8",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47243"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsch_cake: Fix out of bounds when parsing TCP options and header\n\nThe TCP option parser in cake qdisc (cake_get_tcpopt and\ncake_tcph_may_drop) could read one byte out of bounds. When the length\nis 1, the execution flow gets into the loop, reads one byte of the\nopcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads\none more byte, which exceeds the length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded doff validation in cake_get_tcphdr to avoid parsing garbage as TCP\nheader. Although it wasn't strictly an out-of-bounds access (memory was\nallocated), garbage values could be read where CAKE expected the TCP\nheader if doff was smaller than 5.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -36,8 +41,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:13Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-747f-wh5x-mp2p/GHSA-747f-wh5x-mp2p.json b/advisories/unreviewed/2024/05/GHSA-747f-wh5x-mp2p/GHSA-747f-wh5x-mp2p.json
index 03b225ad6ce2d..5fb9058811aab 100644
--- a/advisories/unreviewed/2024/05/GHSA-747f-wh5x-mp2p/GHSA-747f-wh5x-mp2p.json
+++ b/advisories/unreviewed/2024/05/GHSA-747f-wh5x-mp2p/GHSA-747f-wh5x-mp2p.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-747f-wh5x-mp2p",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47239"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix possible use-after-free in smsc75xx_bind\n\nThe commit 46a8b29c6306 (\"net: usb: fix memory leak in smsc75xx_bind\")\nfails to clean up the work scheduled in smsc75xx_reset->\nsmsc75xx_set_multicast, which leads to use-after-free if the work is\nscheduled to start after the deallocation. In addition, this patch\nalso removes a dangling pointer - dev->data[0].\n\nThis patch calls cancel_work_sync to cancel the scheduled work and set\nthe dangling pointer to NULL.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:13Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-7h7v-xpwq-j3w4/GHSA-7h7v-xpwq-j3w4.json b/advisories/unreviewed/2024/05/GHSA-7h7v-xpwq-j3w4/GHSA-7h7v-xpwq-j3w4.json
index 105fd71e73687..4e7e9832a8910 100644
--- a/advisories/unreviewed/2024/05/GHSA-7h7v-xpwq-j3w4/GHSA-7h7v-xpwq-j3w4.json
+++ b/advisories/unreviewed/2024/05/GHSA-7h7v-xpwq-j3w4/GHSA-7h7v-xpwq-j3w4.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-7h7v-xpwq-j3w4",
- "modified": "2024-05-21T18:31:22Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:22Z",
 "aliases": [
 "CVE-2023-52849"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/mem: Fix shutdown order\n\nIra reports that removing cxl_mock_mem causes a crash with the following\ntrace:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000044\n [..]\n RIP: 0010:cxl_region_decode_reset+0x7f/0x180 [cxl_core]\n [..]\n Call Trace:\n \n cxl_region_detach+0xe8/0x210 [cxl_core]\n cxl_decoder_kill_region+0x27/0x40 [cxl_core]\n cxld_unregister+0x29/0x40 [cxl_core]\n devres_release_all+0xb8/0x110\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1d2/0x210\n bus_remove_device+0xd7/0x150\n device_del+0x155/0x3e0\n device_unregister+0x13/0x60\n devm_release_action+0x4d/0x90\n ? __pfx_unregister_port+0x10/0x10 [cxl_core]\n delete_endpoint+0x121/0x130 [cxl_core]\n devres_release_all+0xb8/0x110\n device_unbind_cleanup+0xe/0x70\n device_release_driver_internal+0x1d2/0x210\n bus_remove_device+0xd7/0x150\n device_del+0x155/0x3e0\n ? lock_release+0x142/0x290\n cdev_device_del+0x15/0x50\n cxl_memdev_unregister+0x54/0x70 [cxl_core]\n\nThis crash is due to the clearing out the cxl_memdev's driver context\n(@cxlds) before the subsystem is done with it. This is ultimately due to\nthe region(s), that this memdev is a member, being torn down and expecting\nto be able to de-reference @cxlds, like here:\n\nstatic int cxl_region_decode_reset(struct cxl_region *cxlr, int count)\n...\n if (cxlds->rcd)\n goto endpoint_reset;\n...\n\nFix it by keeping the driver context valid until memdev-device\nunregistration, and subsequently the entire stack of related\ndependencies, unwinds.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -36,8 +41,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:22Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-7r2w-9mrv-hfqg/GHSA-7r2w-9mrv-hfqg.json b/advisories/unreviewed/2024/05/GHSA-7r2w-9mrv-hfqg/GHSA-7r2w-9mrv-hfqg.json
index b9c935e7ac36c..d3abe4733000a 100644
--- a/advisories/unreviewed/2024/05/GHSA-7r2w-9mrv-hfqg/GHSA-7r2w-9mrv-hfqg.json
+++ b/advisories/unreviewed/2024/05/GHSA-7r2w-9mrv-hfqg/GHSA-7r2w-9mrv-hfqg.json
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-7r2w-9mrv-hfqg", - "modified": "2024-05-21T15:31:40Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:40Z", "aliases": [ "CVE-2021-47237" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hamradio: fix memory leak in mkiss_close\n\nMy local syzbot instance hit memory leak in\nmkiss_open()[1]. The problem was in missing\nfree_netdev() in mkiss_close().\n\nIn mkiss_open() netdevice is allocated and then\nregistered, but in mkiss_close() netdevice was\nonly unregistered, but not freed.\n\nFail log:\n\nBUG: memory leak\nunreferenced object 0xffff8880281ba000 (size 4096):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 61 78 30 00 00 00 00 00 00 00 00 00 00 00 00 00 ax0.............\n 00 27 fa 2a 80 88 ff ff 00 00 00 00 00 00 00 00 .'.*............\n backtrace:\n [] kvmalloc_node+0x61/0xf0\n [] alloc_netdev_mqs+0x98/0xe80\n [] mkiss_open+0xb2/0x6f0 [1]\n [] tty_ldisc_open+0x9b/0x110\n [] tty_set_ldisc+0x2e8/0x670\n [] tty_ioctl+0xda3/0x1440\n [] __x64_sys_ioctl+0x193/0x200\n [] do_syscall_64+0x3a/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880141a9a00 (size 96):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n e8 a2 1b 28 80 88 ff ff e8 a2 1b 28 80 88 ff ff ...(.......(....\n 98 92 9c aa b0 40 02 00 00 00 00 00 00 00 00 00 .....@..........\n backtrace:\n [] __hw_addr_create_ex+0x5b/0x310\n [] __hw_addr_add_ex+0x1f8/0x2b0\n [] dev_addr_init+0x10b/0x1f0\n [] alloc_netdev_mqs+0x13b/0xe80\n [] mkiss_open+0xb2/0x6f0 [1]\n [] tty_ldisc_open+0x9b/0x110\n [] tty_set_ldisc+0x2e8/0x670\n [] tty_ioctl+0xda3/0x1440\n [] __x64_sys_ioctl+0x193/0x200\n [] do_syscall_64+0x3a/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff8880219bfc00 (size 512):\n comm 
\"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 00 a0 1b 28 80 88 ff ff 80 8f b1 8d ff ff ff ff ...(............\n 80 8f b1 8d ff ff ff ff 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kvmalloc_node+0x61/0xf0\n [] alloc_netdev_mqs+0x777/0xe80\n [] mkiss_open+0xb2/0x6f0 [1]\n [] tty_ldisc_open+0x9b/0x110\n [] tty_set_ldisc+0x2e8/0x670\n [] tty_ioctl+0xda3/0x1440\n [] __x64_sys_ioctl+0x193/0x200\n [] do_syscall_64+0x3a/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nBUG: memory leak\nunreferenced object 0xffff888029b2b200 (size 256):\n comm \"syz-executor.1\", pid 11443, jiffies 4295046091 (age 17.660s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [] kvmalloc_node+0x61/0xf0\n [] alloc_netdev_mqs+0x912/0xe80\n [] mkiss_open+0xb2/0x6f0 [1]\n [] tty_ldisc_open+0x9b/0x110\n [] tty_set_ldisc+0x2e8/0x670\n [] tty_ioctl+0xda3/0x1440\n [] __x64_sys_ioctl+0x193/0x200\n [] do_syscall_64+0x3a/0xb0\n [] entry_SYSCALL_64_after_hwframe+0x44/0xae", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -48,8 +53,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-401" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-21T15:15:12Z" diff --git a/advisories/unreviewed/2024/05/GHSA-ch44-784c-7wgq/GHSA-ch44-784c-7wgq.json b/advisories/unreviewed/2024/05/GHSA-ch44-784c-7wgq/GHSA-ch44-784c-7wgq.json index 7fff78ca88ffe..256144ba4cb67 100644 --- a/advisories/unreviewed/2024/05/GHSA-ch44-784c-7wgq/GHSA-ch44-784c-7wgq.json +++ b/advisories/unreviewed/2024/05/GHSA-ch44-784c-7wgq/GHSA-ch44-784c-7wgq.json 
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-ch44-784c-7wgq",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47245"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:13Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-f8m5-x3mv-32wr/GHSA-f8m5-x3mv-32wr.json b/advisories/unreviewed/2024/05/GHSA-f8m5-x3mv-32wr/GHSA-f8m5-x3mv-32wr.json
index 5fa29e2d8e3f9..8683f19707366 100644
--- a/advisories/unreviewed/2024/05/GHSA-f8m5-x3mv-32wr/GHSA-f8m5-x3mv-32wr.json
+++ b/advisories/unreviewed/2024/05/GHSA-f8m5-x3mv-32wr/GHSA-f8m5-x3mv-32wr.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-f8m5-x3mv-32wr",
- "modified": "2024-05-21T18:31:22Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T18:31:22Z",
 "aliases": [
 "CVE-2023-52850"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hantro: Check whether reset op is defined before use\n\nThe i.MX8MM/N/P does not define the .reset op since reset of the VPU is\ndone by genpd. Check whether the .reset op is defined before calling it\nto avoid NULL pointer dereference.\n\nNote that the Fixes tag is set to the commit which removed the reset op\nfrom i.MX8M Hantro G2 implementation, this is because before this commit\nall the implementations did define the .reset op.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -32,8 +37,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T16:15:22Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-g3v4-6rhh-7539/GHSA-g3v4-6rhh-7539.json b/advisories/unreviewed/2024/05/GHSA-g3v4-6rhh-7539/GHSA-g3v4-6rhh-7539.json
index 1304f4f18a999..511d8b9741577 100644
--- a/advisories/unreviewed/2024/05/GHSA-g3v4-6rhh-7539/GHSA-g3v4-6rhh-7539.json
+++ b/advisories/unreviewed/2024/05/GHSA-g3v4-6rhh-7539/GHSA-g3v4-6rhh-7539.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-g3v4-6rhh-7539",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47254"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix use-after-free in gfs2_glock_shrink_scan\n\nThe GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to\nremove the glock from the lru list in __gfs2_glock_put().\n\nOn the shrink scan path, the same flag is cleared under lru_lock but because\nof cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the\nput side can be made without deleting the glock from the lru list.\n\nKeep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to\nensure correct behavior on both sides - clear GLF_LRU after list_del under\nlru_lock.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:14Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-gg86-5h5f-jrwx/GHSA-gg86-5h5f-jrwx.json b/advisories/unreviewed/2024/05/GHSA-gg86-5h5f-jrwx/GHSA-gg86-5h5f-jrwx.json
index 1a8050af41024..bb663ed93e8cb 100644
--- a/advisories/unreviewed/2024/05/GHSA-gg86-5h5f-jrwx/GHSA-gg86-5h5f-jrwx.json
+++ b/advisories/unreviewed/2024/05/GHSA-gg86-5h5f-jrwx/GHSA-gg86-5h5f-jrwx.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gg86-5h5f-jrwx",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47253"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential memory leak in DMUB hw_init\n\n[Why]\nOn resume we perform DMUB hw_init which allocates memory:\ndm_resume->dm_dmub_hw_init->dc_dmub_srv_create->kzalloc\nThat results in memory leak in suspend/resume scenarios.\n\n[How]\nAllocate memory for the DC wrapper to DMUB only if it was not\nallocated before.\nNo need to reallocate it on suspend/resume.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -28,8 +33,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-401"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:14Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-gx2j-3fvm-rqj3/GHSA-gx2j-3fvm-rqj3.json b/advisories/unreviewed/2024/05/GHSA-gx2j-3fvm-rqj3/GHSA-gx2j-3fvm-rqj3.json
index 51273edd6c84e..fbdecfb82050c 100644
--- a/advisories/unreviewed/2024/05/GHSA-gx2j-3fvm-rqj3/GHSA-gx2j-3fvm-rqj3.json
+++ b/advisories/unreviewed/2024/05/GHSA-gx2j-3fvm-rqj3/GHSA-gx2j-3fvm-rqj3.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-gx2j-3fvm-rqj3",
- "modified": "2024-05-21T15:31:45Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:45Z",
 "aliases": [
 "CVE-2021-47420"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: fix a potential ttm->sg memory leak\n\nMemory is allocated for ttm->sg by kmalloc in kfd_mem_dmamap_userptr,\nbut isn't freed by kfree in kfd_mem_dmaunmap_userptr. Free it!",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -24,8 +29,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-401"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:27Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-hpp4-8vc7-9fh4/GHSA-hpp4-8vc7-9fh4.json b/advisories/unreviewed/2024/05/GHSA-hpp4-8vc7-9fh4/GHSA-hpp4-8vc7-9fh4.json
index dc968b4cd2d87..c18913143e7fb 100644
--- a/advisories/unreviewed/2024/05/GHSA-hpp4-8vc7-9fh4/GHSA-hpp4-8vc7-9fh4.json
+++ b/advisories/unreviewed/2024/05/GHSA-hpp4-8vc7-9fh4/GHSA-hpp4-8vc7-9fh4.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hpp4-8vc7-9fh4",
- "modified": "2024-06-27T12:30:46Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T09:34:47Z",
 "aliases": [
 "CVE-2024-35902"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix possible cp null dereference\n\ncp might be null, calling cp->cp_conn would produce null dereference\n\n[Simon Horman adds:]\n\nAnalysis:\n\n* cp is a parameter of __rds_rdma_map and is not reassigned.\n\n* The following call-sites pass a NULL cp argument to __rds_rdma_map()\n\n - rds_get_mr()\n - rds_get_mr_for_dest\n\n* Prior to the code above, the following assumes that cp may be NULL\n (which is indicative, but could itself be unnecessary)\n\n\ttrans_private = rs->rs_transport->get_mr(\n\t\tsg, nents, rs, &mr->r_key, cp ? cp->cp_conn : NULL,\n\t\targs->vec.addr, args->vec.bytes,\n\t\tneed_odp ? ODP_ZEROBASED : ODP_NOT_NEEDED);\n\n* The code modified by this patch is guarded by IS_ERR(trans_private),\n where trans_private is assigned as per the previous point in this analysis.\n\n The only implementation of get_mr that I could locate is rds_ib_get_mr()\n which can return an ERR_PTR if the conn (4th) argument is NULL.\n\n* ret is set to PTR_ERR(trans_private).\n rds_ib_get_mr can return ERR_PTR(-ENODEV) if the conn (4th) argument is NULL.\n Thus ret may be -ENODEV in which case the code in question will execute.\n\nConclusion:\n* cp may be NULL at the point where this patch adds a check;\n this patch does seem to address a possible bug",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -56,8 +61,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T09:15:11Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-hw85-hfvh-5cgr/GHSA-hw85-hfvh-5cgr.json b/advisories/unreviewed/2024/05/GHSA-hw85-hfvh-5cgr/GHSA-hw85-hfvh-5cgr.json
index e23fcff0ad654..b7a166fc02601 100644
--- a/advisories/unreviewed/2024/05/GHSA-hw85-hfvh-5cgr/GHSA-hw85-hfvh-5cgr.json
+++ b/advisories/unreviewed/2024/05/GHSA-hw85-hfvh-5cgr/GHSA-hw85-hfvh-5cgr.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hw85-hfvh-5cgr",
- "modified": "2024-05-19T12:30:38Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T12:30:38Z",
 "aliases": [
 "CVE-2024-35929"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n CPU2 CPU11\nkthread\nrcu_nocb_cb_kthread ksys_write\nrcu_do_batch vfs_write\nrcu_torture_timer_cb proc_sys_write\n__kmem_cache_free proc_sys_call_handler\nkmemleak_free drop_caches_sysctl_handler\ndelete_object_full drop_slab\n__delete_object shrink_slab\nput_object lazy_rcu_shrink_scan\ncall_rcu rcu_nocb_flush_bypass\n__call_rcu_commn rcu_nocb_bypass_lock\n raw_spin_trylock(&rdp->nocb_bypass_lock) fail\n atomic_inc(&rdp->nocb_lock_contended);\nrcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu);\n WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) |\n |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with \"echo 3 > /proc/sys/vm/drop_caches\".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -29,7 +34,7 @@
 ],
 "database_specific": {
 "cwe_ids": [],
- "severity": null,
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T11:15:48Z"
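Review bot: In the second hunk `"cwe_ids": []` stays empty while `"severity"` changes from `null` to `"HIGH"`, so this record gets a rating without a weakness class; every other record visible in this part of the sync that gains a CVSS vector also gains a CWE. Tooling that triages or filters advisories by CWE will not match CVE-2024-35929 until one is assigned. The vector added in the first hunk rates `C:H/I:H/A:H`, while the `details` text only describes `WARN_ON_ONCE()` firing in `rcu_nocb_bypass_lock()` and `rcu_nocb_wait_contended()`, so the HIGH rating looks worth checking against the upstream record before it drives patch priority. `"github_reviewed": false` shows the imported values have not been reviewed in this database.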
diff --git a/advisories/unreviewed/2024/05/GHSA-hw8p-x386-rr5f/GHSA-hw8p-x386-rr5f.json b/advisories/unreviewed/2024/05/GHSA-hw8p-x386-rr5f/GHSA-hw8p-x386-rr5f.json
index 8abfd24ae02ef..a2b1a7043c9cf 100644
--- a/advisories/unreviewed/2024/05/GHSA-hw8p-x386-rr5f/GHSA-hw8p-x386-rr5f.json
+++ b/advisories/unreviewed/2024/05/GHSA-hw8p-x386-rr5f/GHSA-hw8p-x386-rr5f.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-hw8p-x386-rr5f",
- "modified": "2024-06-27T12:30:46Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T12:30:38Z",
 "aliases": [
 "CVE-2024-35922"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbmon: prevent division by zero in fb_videomode_from_videomode()\n\nThe expression htotal * vtotal can have a zero value on\noverflow. It is necessary to prevent division by zero like in\nfb_var_to_videomode().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -56,8 +61,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-369"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T11:15:48Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-jqwg-pjjq-gqv5/GHSA-jqwg-pjjq-gqv5.json b/advisories/unreviewed/2024/05/GHSA-jqwg-pjjq-gqv5/GHSA-jqwg-pjjq-gqv5.json
index 7c049542accbd..e6b23a25b3db8 100644
--- a/advisories/unreviewed/2024/05/GHSA-jqwg-pjjq-gqv5/GHSA-jqwg-pjjq-gqv5.json
+++ b/advisories/unreviewed/2024/05/GHSA-jqwg-pjjq-gqv5/GHSA-jqwg-pjjq-gqv5.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-jqwg-pjjq-gqv5",
- "modified": "2024-05-21T15:31:45Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:45Z",
 "aliases": [
 "CVE-2021-47423"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/debugfs: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the 'op' allocated in single_open() will be leaked.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -44,8 +49,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-401"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:27Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-pcr5-v468-562j/GHSA-pcr5-v468-562j.json b/advisories/unreviewed/2024/05/GHSA-pcr5-v468-562j/GHSA-pcr5-v468-562j.json
index b296ff2d659a5..edc2df2a3b317 100644
--- a/advisories/unreviewed/2024/05/GHSA-pcr5-v468-562j/GHSA-pcr5-v468-562j.json
+++ b/advisories/unreviewed/2024/05/GHSA-pcr5-v468-562j/GHSA-pcr5-v468-562j.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pcr5-v468-562j",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47235"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: fix potential use-after-free in ec_bhf_remove\n\nstatic void ec_bhf_remove(struct pci_dev *dev)\n{\n...\n\tstruct ec_bhf_priv *priv = netdev_priv(net_dev);\n\n\tunregister_netdev(net_dev);\n\tfree_netdev(net_dev);\n\n\tpci_iounmap(dev, priv->dma_io);\n\tpci_iounmap(dev, priv->io);\n...\n}\n\npriv is netdev private data, but it is used\nafter free_netdev(). It can cause use-after-free when accessing priv\npointer. So, fix it by moving free_netdev() after pci_iounmap()\ncalls.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:12Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-pmmh-7pm7-hc62/GHSA-pmmh-7pm7-hc62.json b/advisories/unreviewed/2024/05/GHSA-pmmh-7pm7-hc62/GHSA-pmmh-7pm7-hc62.json
index 55f95525ca579..a7ed0f86da4f8 100644
--- a/advisories/unreviewed/2024/05/GHSA-pmmh-7pm7-hc62/GHSA-pmmh-7pm7-hc62.json
+++ b/advisories/unreviewed/2024/05/GHSA-pmmh-7pm7-hc62/GHSA-pmmh-7pm7-hc62.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pmmh-7pm7-hc62",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47233"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL\n\ndevm_gpiod_get_array_optional may return NULL if no GPIO was assigned.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -28,8 +33,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-476"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:12Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-prq2-qj2r-jcgv/GHSA-prq2-qj2r-jcgv.json b/advisories/unreviewed/2024/05/GHSA-prq2-qj2r-jcgv/GHSA-prq2-qj2r-jcgv.json
index 422b0efb1d349..f9ffc9dc74824 100644
--- a/advisories/unreviewed/2024/05/GHSA-prq2-qj2r-jcgv/GHSA-prq2-qj2r-jcgv.json
+++ b/advisories/unreviewed/2024/05/GHSA-prq2-qj2r-jcgv/GHSA-prq2-qj2r-jcgv.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-prq2-qj2r-jcgv",
- "modified": "2024-05-21T15:31:40Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:40Z",
 "aliases": [
 "CVE-2021-47249"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: fix memory leak in rds_recvmsg\n\nSyzbot reported memory leak in rds. The problem\nwas in unputted refcount in case of error.\n\nint rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,\n\t\tint msg_flags)\n{\n...\n\n\tif (!rds_next_incoming(rs, &inc)) {\n\t\t...\n\t}\n\nAfter this \"if\" inc refcount incremented and\n\n\tif (rds_cmsg_recv(inc, msg, rs)) {\n\t\tret = -EFAULT;\n\t\tgoto out;\n\t}\n...\nout:\n\treturn ret;\n}\n\nin case of rds_cmsg_recv() fail the refcount won't be\ndecremented. And it's easy to see from ftrace log, that\nrds_inc_addref() don't have rds_inc_put() pair in\nrds_recvmsg() after rds_cmsg_recv()\n\n 1) | rds_recvmsg() {\n 1) 3.721 us | rds_inc_addref();\n 1) 3.853 us | rds_message_inc_copy_to_user();\n 1) + 10.395 us | rds_cmsg_recv();\n 1) + 34.260 us | }",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-401"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:13Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-q44p-8h6w-57m6/GHSA-q44p-8h6w-57m6.json b/advisories/unreviewed/2024/05/GHSA-q44p-8h6w-57m6/GHSA-q44p-8h6w-57m6.json
index 9824dd7e97e4c..a06d4a53cc69a 100644
--- a/advisories/unreviewed/2024/05/GHSA-q44p-8h6w-57m6/GHSA-q44p-8h6w-57m6.json
+++ b/advisories/unreviewed/2024/05/GHSA-q44p-8h6w-57m6/GHSA-q44p-8h6w-57m6.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-q44p-8h6w-57m6",
- "modified": "2024-05-21T15:31:44Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-05-21T15:31:44Z",
 "aliases": [
 "CVE-2021-47388"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix use-after-free in CCMP/GCMP RX\n\nWhen PN checking is done in mac80211, for fragmentation we need\nto copy the PN to the RX struct so we can later use it to do a\ncomparison, since commit bf30ca922a0c (\"mac80211: check defrag\nPN against current frame\").\n\nUnfortunately, in that commit I used the 'hdr' variable without\nit being necessarily valid, so use-after-free could occur if it\nwas necessary to reallocate (parts of) the frame.\n\nFix this by reloading the variable after the code that results\nin the reallocations, if any.\n\nThis fixes https://bugzilla.kernel.org/show_bug.cgi?id=214401.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -48,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-416"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:24Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-qh4w-v3w8-h422/GHSA-qh4w-v3w8-h422.json b/advisories/unreviewed/2024/05/GHSA-qh4w-v3w8-h422/GHSA-qh4w-v3w8-h422.json
index e2c2972aa4ddd..3fa59ce59b7ba 100644
--- a/advisories/unreviewed/2024/05/GHSA-qh4w-v3w8-h422/GHSA-qh4w-v3w8-h422.json
+++ b/advisories/unreviewed/2024/05/GHSA-qh4w-v3w8-h422/GHSA-qh4w-v3w8-h422.json
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-qh4w-v3w8-h422", - "modified": "2024-05-19T12:30:38Z", + "modified": "2024-12-30T21:30:45Z", "published": "2024-05-19T12:30:38Z", "aliases": [ "CVE-2024-35921" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: Fix oops when HEVC init fails\n\nThe stateless HEVC decoder saves the instance pointer in the context\nregardless if the initialization worked or not. This caused a use after\nfree, when the pointer is freed in case of a failure in the deinit\nfunction.\nOnly store the instance pointer when the initialization was successful,\nto solve this issue.\n\n Hardware name: Acer Tomato (rev3 - 4) board (DT)\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]\n lr : vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]\n sp : ffff80008750bc20\n x29: ffff80008750bc20 x28: ffff1299f6d70000 x27: 0000000000000000\n x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n x23: ffff80008750bc98 x22: 000000000000a003 x21: ffffd45c4cfae000\n x20: 0000000000000010 x19: ffff1299fd668310 x18: 000000000000001a\n x17: 000000040044ffff x16: ffffd45cb15dc648 x15: 0000000000000000\n x14: ffff1299c08da1c0 x13: ffffd45cb1f87a10 x12: ffffd45cb2f5fe80\n x11: 0000000000000001 x10: 0000000000001b30 x9 : ffffd45c4d12b488\n x8 : 1fffe25339380d81 x7 : 0000000000000001 x6 : ffff1299c9c06c00\n x5 : 0000000000000132 x4 : 0000000000000000 x3 : 0000000000000000\n x2 : 0000000000000010 x1 : ffff80008750bc98 x0 : 0000000000000000\n Call trace:\n vcodec_vpu_send_msg+0x4c/0x190 [mtk_vcodec_dec]\n vcodec_send_ap_ipi+0x78/0x170 [mtk_vcodec_dec]\n vpu_dec_deinit+0x1c/0x30 [mtk_vcodec_dec]\n vdec_hevc_slice_deinit+0x30/0x98 [mtk_vcodec_dec]\n vdec_if_deinit+0x38/0x68 [mtk_vcodec_dec]\n mtk_vcodec_dec_release+0x20/0x40 [mtk_vcodec_dec]\n fops_vcodec_release+0x64/0x118 [mtk_vcodec_dec]\n v4l2_release+0x7c/0x100\n 
__fput+0x80/0x2d8\n __fput_sync+0x58/0x70\n __arm64_sys_close+0x40/0x90\n invoke_syscall+0x50/0x128\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x38/0xd8\n el0t_64_sync_handler+0xc0/0xc8\n el0t_64_sync+0x1a8/0x1b0\n Code: d503201f f9401660 b900127f b900227f (f9400400)", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-416" + ], + "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-19T11:15:48Z" diff --git a/advisories/unreviewed/2024/05/GHSA-qj4q-cgq8-w2m4/GHSA-qj4q-cgq8-w2m4.json b/advisories/unreviewed/2024/05/GHSA-qj4q-cgq8-w2m4/GHSA-qj4q-cgq8-w2m4.json index fada795a4782e..88436bc0743b9 100644 --- a/advisories/unreviewed/2024/05/GHSA-qj4q-cgq8-w2m4/GHSA-qj4q-cgq8-w2m4.json +++ b/advisories/unreviewed/2024/05/GHSA-qj4q-cgq8-w2m4/GHSA-qj4q-cgq8-w2m4.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-qj4q-cgq8-w2m4", - "modified": "2024-05-21T15:31:45Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:45Z", "aliases": [ "CVE-2021-47413" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle\n\nWhen passing 'phys' in the devicetree to describe the USB PHY phandle\n(which is the recommended way according to\nDocumentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the\nfollowing NULL pointer dereference is observed on i.MX7 and i.MX8MM:\n\n[ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\n[ 1.498170] Mem abort info:\n[ 1.500966] ESR = 0x96000044\n[ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.509356] SET = 0, FnV = 0\n[ 1.512416] EA = 0, S1PTW = 0\n[ 1.515569] FSC = 0x04: level 0 translation fault\n[ 1.520458] Data abort info:\n[ 1.523349] ISV = 0, ISS = 0x00000044\n[ 1.527196] CM = 0, WnR = 1\n[ 1.530176] [0000000000000098] user address but active_mm is swapper\n[ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP\n[ 1.542125] Modules linked in:\n[ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3\n[ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT)\n[ 1.557133] Workqueue: events_unbound deferred_probe_work_func\n[ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)\n[ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510\n[ 1.573973] lr : imx7d_charger_detection+0x22c/0x510\n\nThis happens because the charger functions check for the phy presence\ninside the imx_usbmisc_data structure (data->usb_phy), but the chipidea\ncore populates the usb_phy passed via 'phys' inside 'struct ci_hdrc'\n(ci->usb_phy) instead.\n\nThis causes the NULL pointer dereference inside imx7d_charger_detection().\n\nFix it by also searching for 'phys' in case 'fsl,usbphy' is not found.\n\nTested on a imx7s-warp board.", - 
"severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-21T15:15:26Z" diff --git a/advisories/unreviewed/2024/05/GHSA-r2r3-fm28-9g3h/GHSA-r2r3-fm28-9g3h.json b/advisories/unreviewed/2024/05/GHSA-r2r3-fm28-9g3h/GHSA-r2r3-fm28-9g3h.json index 7fd8b056f8efb..f66224ba40f29 100644 --- a/advisories/unreviewed/2024/05/GHSA-r2r3-fm28-9g3h/GHSA-r2r3-fm28-9g3h.json +++ b/advisories/unreviewed/2024/05/GHSA-r2r3-fm28-9g3h/GHSA-r2r3-fm28-9g3h.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-r2r3-fm28-9g3h", - "modified": "2024-05-21T15:31:44Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:44Z", "aliases": [ "CVE-2021-47390" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()\n\nKASAN reports the following issue:\n\n BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm]\n Read of size 8 at addr ffffc9001364f638 by task qemu-kvm/4798\n\n CPU: 0 PID: 4798 Comm: qemu-kvm Tainted: G X --------- ---\n Hardware name: AMD Corporation DAYTONA_X/DAYTONA_X, BIOS RYM0081C 07/13/2020\n Call Trace:\n dump_stack+0xa5/0xe6\n print_address_description.constprop.0+0x18/0x130\n ? kvm_make_vcpus_request_mask+0x174/0x440 [kvm]\n __kasan_report.cold+0x7f/0x114\n ? kvm_make_vcpus_request_mask+0x174/0x440 [kvm]\n kasan_report+0x38/0x50\n kasan_check_range+0xf5/0x1d0\n kvm_make_vcpus_request_mask+0x174/0x440 [kvm]\n kvm_make_scan_ioapic_request_mask+0x84/0xc0 [kvm]\n ? kvm_arch_exit+0x110/0x110 [kvm]\n ? sched_clock+0x5/0x10\n ioapic_write_indirect+0x59f/0x9e0 [kvm]\n ? static_obj+0xc0/0xc0\n ? __lock_acquired+0x1d2/0x8c0\n ? kvm_ioapic_eoi_inject_work+0x120/0x120 [kvm]\n\nThe problem appears to be that 'vcpu_bitmap' is allocated as a single long\non stack and it should really be KVM_MAX_VCPUS long. We also seem to clear\nthe lower 16 bits of it with bitmap_zero() for no particular reason (my\nguess would be that 'bitmap' and 'vcpu_bitmap' variables in\nkvm_bitmap_or_dest_vcpus() caused the confusion: while the later is indeed\n16-bit long, the later should accommodate all possible vCPUs).", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" + } + ], "affected": [], "references": [ { 
@@ -28,8 +33,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-21T15:15:24Z"
diff --git a/advisories/unreviewed/2024/05/GHSA-wr5g-85mp-25c9/GHSA-wr5g-85mp-25c9.json b/advisories/unreviewed/2024/05/GHSA-wr5g-85mp-25c9/GHSA-wr5g-85mp-25c9.json
index ab65efc029eab..11a32e5b0d4bb 100644
--- a/advisories/unreviewed/2024/05/GHSA-wr5g-85mp-25c9/GHSA-wr5g-85mp-25c9.json
+++ b/advisories/unreviewed/2024/05/GHSA-wr5g-85mp-25c9/GHSA-wr5g-85mp-25c9.json
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-wr5g-85mp-25c9", - "modified": "2024-05-21T15:31:40Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:40Z", "aliases": [ "CVE-2021-47250" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ipv4: fix memory leak in netlbl_cipsov4_add_std\n\nReported by syzkaller:\nBUG: memory leak\nunreferenced object 0xffff888105df7000 (size 64):\ncomm \"syz-executor842\", pid 360, jiffies 4294824824 (age 22.546s)\nhex dump (first 32 bytes):\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\nbacktrace:\n[<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline]\n[<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline]\n[<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline]\n[<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416\n[<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739\n[<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]\n[<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800\n[<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504\n[<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811\n[<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]\n[<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340\n[<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929\n[<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline]\n[<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674\n[<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350\n[<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404\n[<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433\n[<000000004ee8b6a5>] 
do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47\n[<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe memory of doi_def->map.std pointing is allocated in\nnetlbl_cipsov4_add_std, but no place has freed it. It should be\nfreed in cipso_v4_doi_free which frees the cipso DOI resource.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -48,8 +53,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-401" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-21T15:15:13Z" diff --git a/advisories/unreviewed/2024/05/GHSA-x5xr-8rhw-qpr4/GHSA-x5xr-8rhw-qpr4.json b/advisories/unreviewed/2024/05/GHSA-x5xr-8rhw-qpr4/GHSA-x5xr-8rhw-qpr4.json index 414a20c69282c..dade7a5addd57 100644 --- a/advisories/unreviewed/2024/05/GHSA-x5xr-8rhw-qpr4/GHSA-x5xr-8rhw-qpr4.json +++ b/advisories/unreviewed/2024/05/GHSA-x5xr-8rhw-qpr4/GHSA-x5xr-8rhw-qpr4.json 
@@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-x5xr-8rhw-qpr4", - "modified": "2024-05-19T09:34:47Z", + "modified": "2024-12-30T21:30:45Z", "published": "2024-05-19T09:34:47Z", "aliases": [ "CVE-2024-35907" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxbf_gige: call request_irq() after NAPI initialized\n\nThe mlxbf_gige driver encounters a NULL pointer exception in\nmlxbf_gige_open() when kdump is enabled. The sequence to reproduce\nthe exception is as follows:\na) enable kdump\nb) trigger kdump via \"echo c > /proc/sysrq-trigger\"\nc) kdump kernel executes\nd) kdump kernel loads mlxbf_gige module\ne) the mlxbf_gige module runs its open() as the\n the \"oob_net0\" interface is brought up\nf) mlxbf_gige module will experience an exception\n during its open(), something like:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Mem abort info:\n ESR = 0x0000000086000004\n EC = 0x21: IABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n user pgtable: 4k pages, 48-bit VAs, pgdp=00000000e29a4000\n [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n Internal error: Oops: 0000000086000004 [#1] SMP\n CPU: 0 PID: 812 Comm: NetworkManager Tainted: G OE 5.15.0-1035-bluefield #37-Ubuntu\n Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.6.0.13024 Jan 19 2024\n pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : 0x0\n lr : __napi_poll+0x40/0x230\n sp : ffff800008003e00\n x29: ffff800008003e00 x28: 0000000000000000 x27: 00000000ffffffff\n x26: ffff000066027238 x25: ffff00007cedec00 x24: ffff800008003ec8\n x23: 000000000000012c x22: ffff800008003eb7 x21: 0000000000000000\n x20: 0000000000000001 x19: ffff000066027238 x18: 0000000000000000\n x17: ffff578fcb450000 x16: ffffa870b083c7c0 x15: 0000aaab010441d0\n x14: 0000000000000001 x13: 
00726f7272655f65 x12: 6769675f6662786c\n x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa870b0842398\n x8 : 0000000000000004 x7 : fe5a48b9069706ea x6 : 17fdb11fc84ae0d2\n x5 : d94a82549d594f35 x4 : 0000000000000000 x3 : 0000000000400100\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000066027238\n Call trace:\n 0x0\n net_rx_action+0x178/0x360\n __do_softirq+0x15c/0x428\n __irq_exit_rcu+0xac/0xec\n irq_exit+0x18/0x2c\n handle_domain_irq+0x6c/0xa0\n gic_handle_irq+0xec/0x1b0\n call_on_irq_stack+0x20/0x2c\n do_interrupt_handler+0x5c/0x70\n el1_interrupt+0x30/0x50\n el1h_64_irq_handler+0x18/0x2c\n el1h_64_irq+0x7c/0x80\n __setup_irq+0x4c0/0x950\n request_threaded_irq+0xf4/0x1bc\n mlxbf_gige_request_irqs+0x68/0x110 [mlxbf_gige]\n mlxbf_gige_open+0x5c/0x170 [mlxbf_gige]\n __dev_open+0x100/0x220\n __dev_change_flags+0x16c/0x1f0\n dev_change_flags+0x2c/0x70\n do_setlink+0x220/0xa40\n __rtnl_newlink+0x56c/0x8a0\n rtnl_newlink+0x58/0x84\n rtnetlink_rcv_msg+0x138/0x3c4\n netlink_rcv_skb+0x64/0x130\n rtnetlink_rcv+0x20/0x30\n netlink_unicast+0x2ec/0x360\n netlink_sendmsg+0x278/0x490\n __sock_sendmsg+0x5c/0x6c\n ____sys_sendmsg+0x290/0x2d4\n ___sys_sendmsg+0x84/0xd0\n __sys_sendmsg+0x70/0xd0\n __arm64_sys_sendmsg+0x2c/0x40\n invoke_syscall+0x78/0x100\n el0_svc_common.constprop.0+0x54/0x184\n do_el0_svc+0x30/0xac\n el0_svc+0x48/0x160\n el0t_64_sync_handler+0xa4/0x12c\n el0t_64_sync+0x1a4/0x1a8\n Code: bad PC value\n ---[ end trace 7d1c3f3bf9d81885 ]---\n Kernel panic - not syncing: Oops: Fatal exception in interrupt\n Kernel Offset: 0x2870a7a00000 from 0xffff800008000000\n PHYS_OFFSET: 0x80000000\n CPU features: 0x0,000005c1,a3332a5a\n Memory Limit: none\n ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nThe exception happens because there is a pending RX interrupt before the\ncall to request_irq(RX IRQ) executes. Then, the RX IRQ handler fires\nimmediately after this request_irq() completes. 
The\n---truncated---", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -36,8 +41,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-476" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-19T09:15:11Z" diff --git a/advisories/unreviewed/2024/05/GHSA-xm9j-x4hp-v2x3/GHSA-xm9j-x4hp-v2x3.json b/advisories/unreviewed/2024/05/GHSA-xm9j-x4hp-v2x3/GHSA-xm9j-x4hp-v2x3.json index 9fdc887cd9587..edbb3ccc63cdd 100644 --- a/advisories/unreviewed/2024/05/GHSA-xm9j-x4hp-v2x3/GHSA-xm9j-x4hp-v2x3.json +++ b/advisories/unreviewed/2024/05/GHSA-xm9j-x4hp-v2x3/GHSA-xm9j-x4hp-v2x3.json @@ -1,13 +1,18 @@ { "schema_version": "1.4.0", "id": "GHSA-xm9j-x4hp-v2x3", - "modified": "2024-05-21T15:31:45Z", + "modified": "2024-12-30T21:30:46Z", "published": "2024-05-21T15:31:45Z", "aliases": [ "CVE-2021-47422" ], "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/kms/nv50-: fix file release memory leak\n\nWhen using single_open() for opening, single_release() should be\ncalled, otherwise the 'op' allocated in single_open() will be leaked.", - "severity": [], + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ], "affected": [], "references": [ { @@ -28,8 +33,10 @@ } ], "database_specific": { - "cwe_ids": [], - "severity": null, + "cwe_ids": [ + "CWE-401" + ], + "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-05-21T15:15:27Z" diff --git a/advisories/unreviewed/2024/05/GHSA-xwxp-fcpw-w82j/GHSA-xwxp-fcpw-w82j.json b/advisories/unreviewed/2024/05/GHSA-xwxp-fcpw-w82j/GHSA-xwxp-fcpw-w82j.json index e12f7bf93559c..389f43230f2f6 100644 --- a/advisories/unreviewed/2024/05/GHSA-xwxp-fcpw-w82j/GHSA-xwxp-fcpw-w82j.json 
+++ b/advisories/unreviewed/2024/05/GHSA-xwxp-fcpw-w82j/GHSA-xwxp-fcpw-w82j.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-xwxp-fcpw-w82j",
- "modified": "2024-06-27T12:30:46Z",
+ "modified": "2024-12-30T21:30:45Z",
 "published": "2024-05-19T12:30:38Z",
 "aliases": [
 "CVE-2024-35930"
 ],
 "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()\n\nThe call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an\nunsuccessful status. In such cases, the elsiocb is not issued, the\ncompletion is not called, and thus the elsiocb resource is leaked.\n\nCheck return value after calling lpfc_sli4_resume_rpi() and conditionally\nrelease the elsiocb resource.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -56,8 +61,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-401"
+ ],
+ "severity": "MODERATE",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-05-19T11:15:49Z"
diff --git a/advisories/unreviewed/2024/07/GHSA-3g8x-wqfp-q876/GHSA-3g8x-wqfp-q876.json b/advisories/unreviewed/2024/07/GHSA-3g8x-wqfp-q876/GHSA-3g8x-wqfp-q876.json
index 392b77539dd6f..6ba5a6897d488 100644
--- a/advisories/unreviewed/2024/07/GHSA-3g8x-wqfp-q876/GHSA-3g8x-wqfp-q876.json
+++ b/advisories/unreviewed/2024/07/GHSA-3g8x-wqfp-q876/GHSA-3g8x-wqfp-q876.json
@@ -1,13 +1,18 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3g8x-wqfp-q876",
- "modified": "2024-07-23T09:30:39Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-07-09T12:30:58Z",
 "aliases": [
 "CVE-2024-3596"
 ],
 "details": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+ }
+ ],
 "affected": [],
 "references": [
 {
@@ -30,6 +35,14 @@
 "type": "WEB",
 "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014"
 },
+ {
+ "type": "WEB",
+ "url": "https://security.netapp.com/advisory/ntap-20240822-0001"
+ },
+ {
+ "type": "WEB",
+ "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol"
+ },
 {
 "type": "WEB",
 "url": "https://www.blastradius.fail"
@@ -40,8 +53,10 @@
 }
 ],
 "database_specific": {
- "cwe_ids": [],
- "severity": null,
+ "cwe_ids": [
+ "CWE-354"
+ ],
+ "severity": "CRITICAL",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2024-07-09T12:15:20Z"
diff --git a/advisories/unreviewed/2024/12/GHSA-2r3p-qwrg-gqxg/GHSA-2r3p-qwrg-gqxg.json b/advisories/unreviewed/2024/12/GHSA-2r3p-qwrg-gqxg/GHSA-2r3p-qwrg-gqxg.json
new file mode 100644
index 0000000000000..be3cba8458c1f
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-2r3p-qwrg-gqxg/GHSA-2r3p-qwrg-gqxg.json
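Review bot: The `details` string of GHSA-3g8x-wqfp-q876 still says the forgery is performed "by a local attacker", while the severity block added in the first hunk scores it `AV:N` with `S:C` and the last hunk sets `"severity": "CRITICAL"`, so the record gives two readings of where the attacker has to be. Presumably "local" here means an attacker on the path between RADIUS client and server who can alter a Response in transit; if that is the intended reading, wording such as `by an on-path attacker between the RADIUS client and server` would agree with the vector. `"affected": []` is unchanged, so tooling that matches on package ranges will not surface this entry despite the CRITICAL label, and triage has to key on the `CVE-2024-3596` alias instead.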
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2r3p-qwrg-gqxg",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-11946"
+ ],
+ "details": "iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11946"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1644"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-319"
+ ],
+ "severity": "LOW",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-42jc-g99g-2vp7/GHSA-42jc-g99g-2vp7.json b/advisories/unreviewed/2024/12/GHSA-42jc-g99g-2vp7/GHSA-42jc-g99g-2vp7.json
new file mode 100644
index 0000000000000..5e3f6bf249195
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-42jc-g99g-2vp7/GHSA-42jc-g99g-2vp7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-42jc-g99g-2vp7",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13048"
+ ],
+ "details": "Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24844.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13048"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1732"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-43c2-phgp-56f4/GHSA-43c2-phgp-56f4.json b/advisories/unreviewed/2024/12/GHSA-43c2-phgp-56f4/GHSA-43c2-phgp-56f4.json
index 05b41f71bebe2..0371c109367fe 100644
--- a/advisories/unreviewed/2024/12/GHSA-43c2-phgp-56f4/GHSA-43c2-phgp-56f4.json
+++ b/advisories/unreviewed/2024/12/GHSA-43c2-phgp-56f4/GHSA-43c2-phgp-56f4.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-43c2-phgp-56f4",
- "modified": "2024-12-29T21:30:29Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-12-29T21:30:29Z",
 "aliases": [
 "CVE-2024-13019"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://code-projects.org"
 },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org/chat-system-using-php-source-code"
+ },
 {
 "type": "WEB",
 "url": "https://vuldb.com/?ctiid.289710"
diff --git a/advisories/unreviewed/2024/12/GHSA-4545-q8rv-g7f9/GHSA-4545-q8rv-g7f9.json b/advisories/unreviewed/2024/12/GHSA-4545-q8rv-g7f9/GHSA-4545-q8rv-g7f9.json
new file mode 100644
index 0000000000000..c803d9c901cc7
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-4545-q8rv-g7f9/GHSA-4545-q8rv-g7f9.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4545-q8rv-g7f9",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13045"
+ ],
+ "details": "Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24848.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13045"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1729"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-4h74-vc8c-xw9c/GHSA-4h74-vc8c-xw9c.json b/advisories/unreviewed/2024/12/GHSA-4h74-vc8c-xw9c/GHSA-4h74-vc8c-xw9c.json
new file mode 100644
index 0000000000000..b031a82f0320e
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-4h74-vc8c-xw9c/GHSA-4h74-vc8c-xw9c.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4h74-vc8c-xw9c",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13044"
+ ],
+ "details": "Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24870.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13044"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1728"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-4xwp-g9pw-p63q/GHSA-4xwp-g9pw-p63q.json b/advisories/unreviewed/2024/12/GHSA-4xwp-g9pw-p63q/GHSA-4xwp-g9pw-p63q.json
new file mode 100644
index 0000000000000..a69e12af4d34b
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-4xwp-g9pw-p63q/GHSA-4xwp-g9pw-p63q.json
@@ -0,0 +1,56 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4xwp-g9pw-p63q",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13042"
+ ],
+ "details": "A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file SubjectController.class.php. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13042"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/BxYQ/zg_fileread"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/BxYQ/zg_fileread/blob/main/poc.py"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289788"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289788"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.472068"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-63m5-77xw-xrr4/GHSA-63m5-77xw-xrr4.json b/advisories/unreviewed/2024/12/GHSA-63m5-77xw-xrr4/GHSA-63m5-77xw-xrr4.json
new file mode 100644
index 0000000000000..a946ce160d1fc
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-63m5-77xw-xrr4/GHSA-63m5-77xw-xrr4.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-63m5-77xw-xrr4",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-12752"
+ ],
+ "details": "Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12752"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.foxit.com/support/security-bulletins.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1738"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-119"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-75vw-c383-9fj8/GHSA-75vw-c383-9fj8.json b/advisories/unreviewed/2024/12/GHSA-75vw-c383-9fj8/GHSA-75vw-c383-9fj8.json
new file mode 100644
index 0000000000000..7b902420b4410
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-75vw-c383-9fj8/GHSA-75vw-c383-9fj8.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-75vw-c383-9fj8",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13047"
+ ],
+ "details": "Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24843.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13047"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1731"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-843"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-866w-76w7-m942/GHSA-866w-76w7-m942.json b/advisories/unreviewed/2024/12/GHSA-866w-76w7-m942/GHSA-866w-76w7-m942.json
new file mode 100644
index 0000000000000..31183cbd44cf6
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-866w-76w7-m942/GHSA-866w-76w7-m942.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-866w-76w7-m942",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13050"
+ ],
+ "details": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13050"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1734"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-9qcv-f3w6-jhh5/GHSA-9qcv-f3w6-jhh5.json b/advisories/unreviewed/2024/12/GHSA-9qcv-f3w6-jhh5/GHSA-9qcv-f3w6-jhh5.json
new file mode 100644
index 0000000000000..ee190a1790992
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-9qcv-f3w6-jhh5/GHSA-9qcv-f3w6-jhh5.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9qcv-f3w6-jhh5",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13051"
+ ],
+ "details": "Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13051"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1735"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-122"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-9v5h-r53g-893v/GHSA-9v5h-r53g-893v.json b/advisories/unreviewed/2024/12/GHSA-9v5h-r53g-893v/GHSA-9v5h-r53g-893v.json
new file mode 100644
index 0000000000000..fa5ca19f8558c
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-9v5h-r53g-893v/GHSA-9v5h-r53g-893v.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9v5h-r53g-893v",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-12751"
+ ],
+ "details": "Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12751"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.foxit.com/support/security-bulletins.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1737"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-125"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-h4xj-2f5c-36j7/GHSA-h4xj-2f5c-36j7.json b/advisories/unreviewed/2024/12/GHSA-h4xj-2f5c-36j7/GHSA-h4xj-2f5c-36j7.json
new file mode 100644
index 0000000000000..ed57ae9a17945
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-h4xj-2f5c-36j7/GHSA-h4xj-2f5c-36j7.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-h4xj-2f5c-36j7",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13046"
+ ],
+ "details": "Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24867.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13046"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1730"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-787"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-mm9p-gqvv-gr69/GHSA-mm9p-gqvv-gr69.json b/advisories/unreviewed/2024/12/GHSA-mm9p-gqvv-gr69/GHSA-mm9p-gqvv-gr69.json
new file mode 100644
index 0000000000000..fd42480d68e72
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-mm9p-gqvv-gr69/GHSA-mm9p-gqvv-gr69.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-mm9p-gqvv-gr69",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13043"
+ ],
+ "details": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13043"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1727"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-59"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-pc87-q35p-2r45/GHSA-pc87-q35p-2r45.json b/advisories/unreviewed/2024/12/GHSA-pc87-q35p-2r45/GHSA-pc87-q35p-2r45.json
index 994827fefce4b..1d8b3645950bf 100644
--- a/advisories/unreviewed/2024/12/GHSA-pc87-q35p-2r45/GHSA-pc87-q35p-2r45.json
+++ b/advisories/unreviewed/2024/12/GHSA-pc87-q35p-2r45/GHSA-pc87-q35p-2r45.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-pc87-q35p-2r45",
- "modified": "2024-12-29T21:30:29Z",
+ "modified": "2024-12-30T21:30:46Z",
 "published": "2024-12-29T21:30:29Z",
 "aliases": [
 "CVE-2024-13020"
@@ -27,6 +27,10 @@
 "type": "WEB",
 "url": "https://code-projects.org"
 },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org/chat-system-using-php-source-code"
+ },
 {
 "type": "WEB",
 "url": "https://vuldb.com/?ctiid.289711"
diff --git a/advisories/unreviewed/2024/12/GHSA-pffh-vp29-72w3/GHSA-pffh-vp29-72w3.json b/advisories/unreviewed/2024/12/GHSA-pffh-vp29-72w3/GHSA-pffh-vp29-72w3.json
new file mode 100644
index 0000000000000..901c3c33c56c6
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-pffh-vp29-72w3/GHSA-pffh-vp29-72w3.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-pffh-vp29-72w3",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-13049"
+ ],
+ "details": "Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13049"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1733"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-843"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:07Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-rfx4-8cp9-vwwx/GHSA-rfx4-8cp9-vwwx.json b/advisories/unreviewed/2024/12/GHSA-rfx4-8cp9-vwwx/GHSA-rfx4-8cp9-vwwx.json
new file mode 100644
index 0000000000000..6736f42460445
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-rfx4-8cp9-vwwx/GHSA-rfx4-8cp9-vwwx.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rfx4-8cp9-vwwx",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-12753"
+ ],
+ "details": "Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12753"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.foxit.com/support/security-bulletins.html"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1739"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-59"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-xpwc-vww2-w3pr/GHSA-xpwc-vww2-w3pr.json b/advisories/unreviewed/2024/12/GHSA-xpwc-vww2-w3pr/GHSA-xpwc-vww2-w3pr.json
new file mode 100644
index 0000000000000..680c560521f5e
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-xpwc-vww2-w3pr/GHSA-xpwc-vww2-w3pr.json
@@ -0,0 +1,40 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-xpwc-vww2-w3pr",
+ "modified": "2024-12-30T21:30:47Z",
+ "published": "2024-12-30T21:30:47Z",
+ "aliases": [
+ "CVE-2024-11944"
+ ],
+ "details": "iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11944"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.truenas.com/docs/core/13.0/gettingstarted/corereleasenotes/#130-u63"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1643"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-30T21:15:05Z"
+ }
+}
\ No newline at end of file